Watch out for StripedFly malware

Cybersecurity researchers have discovered a sophisticated cross-platform malware platform named StripedFly malware that has infected over 1 million Windows and Linux systems since 2017. The malware, which was wrongly classified as just a Monero cryptocurrency miner, is designed to evade detection and steal sensitive data from victims.

ADVERTISEMENT

StripedFly malware is unique in that it can target both Windows and Linux systems, making it a more dangerous threat than traditional malware. The malware is also highly modular, meaning that it can be customized to carry out a variety of malicious tasks, including:

Stealing sensitive data, such as passwords, credit card numbers, and other personal information

  • Disabling security software
  • Launching denial-of-service attacks
  • Mining cryptocurrency
  • Installing other malware

StripedFly is believed to be the work of a highly skilled and experienced threat actor. The malware is well-crafted and uses a variety of sophisticated techniques to evade detection.

StripedFly malware
StripedFly malware does not affect macOS

How StripedFly malware infects systems

StripedFly is typically spread through phishing emails or malicious websites. When a victim clicks on a malicious link or opens an infected attachment, StripedFly malware is downloaded to their system.

Once installed, StripedFly malware uses a variety of techniques to hide its presence and evade detection. For example, the malware can disable security software, modify system settings, and encrypt its files.

StripedFly malware can also communicate with its command-and-control server to receive instructions and download updates. This makes it very difficult for security researchers to track and disrupt the malware.

Malware modules

StripedFly malware operates as a monolithic binary executable with pluggable modules, giving it an operational versatility often associated with APT operations.

StripedFly’s modules from Kaspersky’s report are as follows:

  • Configuration storage: Stores encrypted malware configuration
  • Upgrade/Uninstall: Manages updates or removal based on C2 server commands
  • Reverse proxy: Allows remote actions on the victim’s network
  • Miscellaneous command handler: Executes varied commands like screenshot capture and shellcode execution
  • Credential harvester: Scans and collects sensitive user data like passwords and usernames
  • Repeatable tasks: Carries out specific tasks under certain conditions, such as microphone recording
  • Recon module: Sends detailed system information to the C2 server
  • SSH infector: Uses harvested SSH credentials to penetrate other systems
  • SMBv1 infector: Worms into other Windows systems using a custom EternalBlue exploit
  • Monero mining module: Mines Monero while camouflaged as a “chrome.exe” process

Read alsoAI responses may link to malware.

What to do to protect yourself from StripedFly?

To safeguard yourself from the StripedFly malware, there are several proactive measures you can take. First and foremost, exercise caution when dealing with emails and their attachments. Avoid opening suspicious emails and refrain from downloading unfamiliar attachments.

Moreover, it’s essential to maintain the security of your digital fortress. Ensure that your security software is consistently updated to fortify your defenses against potential breaches.

Another vital aspect of protection involves password management. Utilize a robust password manager to generate and securely store unique passwords for all your online accounts. Complement this with the implementation of two-factor authentication across your online platforms to add an extra layer of security.

Additionally, don’t overlook the significance of regular data backups. Safeguard your essential data by creating backups to mitigate potential data loss in case of an attack.

There are several steps you must take if you suspect you have been affected by StripedFly malware – Image courtesy of DCstudio/Freepik

If you suspect that your system has fallen victim to StripedFly malware, swift action is imperative to mitigate the damage.

Follow these steps to address the issue:

  1. Isolate your system: Disconnect your system from the internet to prevent the malware from spreading further. This step is crucial in containing the infection
  2. Change passwords: As a precaution, change the passwords for all your online accounts to thwart unauthorized access
  3. Enhance account security: Reiterate the importance of two-factor authentication by enabling it for all your online accounts. This provides an additional barrier against malicious access
  4. Data backup: Back up your critical data to prevent potential loss during the remediation process
  5. Scan for malware: Employ a reputable antivirus and anti-malware program to scan your system for the presence of StripedFly malware or any other malicious software
  6. Manual removal (if necessary): In the event that the malware persists, consider manually removing it by deleting its files and reverting any system settings that it may have altered

Note: This step should be approached with caution, and it may be beneficial to seek professional assistance.

By adhering to these protective and responsive measures, you can fortify your defenses against StripedFly and efficiently address any potential breaches.

Advertisement