Kaspersky’s researchers have recently uncovered a highly sophisticated malware known as “StripedFly” that has been affecting over a million victims since 2017. This malware initially disguised itself as a cryptocurrency miner, but further investigation revealed that it is actually a complex multi-functional wormable framework.
The Remarkable Discovery
In 2022, Kaspersky researchers stumbled upon the StripedFly framework and were struck by the effort that had gone into building it. They stated, “The effort in creating the framework was truly remarkable.” Further analysis turned up suspicious code dating back to 2017, code that had previously been observed in Equation malware. The researchers added, “Subsequent analysis revealed earlier instances of suspicious code dating back to 2017.”
Malware Capabilities and Impact
The initial classification of StripedFly as a Monero cryptocurrency miner turned out to be a misjudgment. It is still unclear whether the malware was used for revenue generation or for cyber espionage purposes. However, experts believe that the mining module of the malware played a crucial role in evading detection for a long period.
According to the Kaspersky report, StripedFly has extensive capabilities to spy on its victims. It collects sensitive information such as login usernames and passwords, along with personal autofill data including name, address, phone number, company, and job title. Additionally, the malware can capture known Wi-Fi network names and their associated passwords.
The origins of StripedFly still remain unknown; however, further investigation has revealed that the malware uses techniques similar to those of the EternalBlue ‘SMBv1’ exploit to infiltrate victims’ systems. EternalBlue, which was leaked in April 2017, continues to pose a threat to unpatched Windows servers. The exploit was initially created and used by a hacking group known as the Equation Group, which was associated with the NSA.
Kaspersky disclosed that StripedFly was initially detected in April 2016, a year before the discovery of the EternalBlue exploit. In response to the threat, Microsoft released a patch for the EternalBlue exploit in early 2017, aiming to safeguard vulnerable systems from potential attacks.
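Since the propagation technique described above relies on SMBv1, the practical question for a defender is whether that protocol is still enabled on a given Windows host. The following PowerShell audit is an added example, not part of the Kaspersky report or of any StripedFly analysis; it assumes an elevated session on Windows 8.1/10/11 or Server 2012 R2 and later, where the built-in cmdlets Get-SmbServerConfiguration and Get-WindowsOptionalFeature (feature name SMB1Protocol) are available.

```powershell
# Added example (not from the Kaspersky report): audit whether SMBv1, the protocol
# that EternalBlue-style exploits target, is still enabled on this Windows host.
# Assumes an elevated session and the cmdlets Get-SmbServerConfiguration and
# Get-WindowsOptionalFeature; on older Server editions the feature is exposed
# through Get-WindowsFeature instead.

function Get-Smb1Status {
    $result = [ordered]@{
        Host              = $env:COMPUTERNAME
        ServerSmb1Enabled = $null   # whether the SMB server will still negotiate SMBv1
        FeatureState      = $null   # whether the SMB1Protocol optional feature is installed
    }

    # Server-side switch: if this is $true the host answers SMBv1 negotiation requests.
    $cfg = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    if ($cfg) { $result.ServerSmb1Enabled = $cfg.EnableSMB1Protocol }

    # Optional-feature state covers both the SMBv1 client and server components.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    if ($feature) { $result.FeatureState = $feature.State }

    [pscustomobject]$result
}

$status = Get-Smb1Status
$status | Format-List

if ($status.ServerSmb1Enabled -eq $true -or "$($status.FeatureState)" -eq 'Enabled') {
    Write-Warning "SMBv1 is still enabled on $($status.Host); disable it and confirm the 2017 SMB security updates are installed."
    # Remediation, to be run only after confirming no legacy device still depends on SMBv1:
    # Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
} else {
    Write-Output "SMBv1 is disabled on $($status.Host)."
}
```

Running this across a fleet (for example via Invoke-Command) gives a quick inventory of hosts that would still accept an SMBv1 negotiation; the two remediation lines are left commented out because disabling SMBv1 can break old printers and NAS devices, so each host should be checked for such dependencies first.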