StripedFly malware targets more than a million PCs, disguising as a crypto miner

Kaspersky unveils StripedFly, a stealthy malware posing as a crypto miner, compromising over a million Windows and Linux systems globally since 2016.

For over half a decade, a dangerous malware dubbed “StripedFly” has been lurking in the shadows, posing as a crypto mining software. Leading antivirus developers, Kaspersky reported that this duplicitous malware has compromised over a million Windows and Linux systems worldwide since 2016.

Kaspersky’s cybersecurity team initiated their investigation into StripedFly last year. They were tipped off by anomalies within their antivirus software, which changed certain functions in the Windows OS. 

Our new research on sophisticated #StripedFly malware: https://t.co/vtwmqL4Lyt

— Sergey Lozhkin (@61ack1ynx) October 26, 2023

Kaspersky’s investigation 

A striking discovery during the investigation was StripedFly’s use of an EternalBlue variant. This exploit, originally developed by the United States National Security Agency (NSA), became infamous after it was illegally disclosed and subsequently employed in the 2017 WannaCry ransomware attacks that affected numerous Windows systems globally.

StripedFly leverages its unique variant of EternalBlue to worm its way into unpatched Windows systems, from where it can traverse across a network to include Linux machines. Once in the system, it’s capable of collecting a wide range of sensitive information, including login details and personal data.

Timeline of #stripedfly #thesas2023 pic.twitter.com/qKKzPfLniZ

— Kaspersky (@kaspersky) October 26, 2023

The origins of StripedFly remain a mystery. Though it uses the same techniques as EternalBlue, that particular code was only made publicly available in April 2017 by a group called the “Shadow Brokers.” However, Kaspersky disclosed that the earliest detection of StripedFly dates back to April of 2016. Also, a version of this mysterious malware has appeared in a ransomware attack named ThunderCrypt.

Microsoft released a patch for EternalBlue back in early 2017, which also works against StripedFly. Unfortunately, using outdated windows has been a rather common user behavior over the years, which is why over a million devices have been breached by StripedFly so far.