Over a million Windows and Linux systems infected by this tricky new malware

News
By published

StripedFly malware is capable of grabbing screenshots and stealing passwords

Magnifying glass enlarging the word 'malware' in computer machine code
(Image credit: Shutterstock)

Cybersecurity researchers from Kaspersky have discovered an “impressive” malware threat hiding in plain sight for half a decade.

Called StripedFly, the malware’s earliest evidence of activity dates back to 2017, Kaspersky claims, where at one point it was discovered but dismissed as a “mere” cryptocurrency miner. 

However, a new investigation has shown that StripedFly is capable of a lot more than just mining cryptocurrency: it can execute commands remotely, grab screenshots and execute shellcodes, steal passwords and other sensitive data, record sounds using the integrated microphone, move to adjacent endpoints using previously stolen credentials, abuse the EternalBlue exploit to worm into other systems, and lastly - mine Monero.

Reader Offer: $50 Amazon gift card with demo

Reader Offer: $50 Amazon gift card with demo
Perimeter 81's Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (What does this mean?

Mining Monero

In fact, Monero mining is now seen as a diversion attempt, to throw researchers off and prevent them from analyzing the code further.

The tactic seems to have worked, as a million devices were allegedly compromised in the meantime. The keyword here is “allegedly” because even Kaspersky can’t know for certain. The only actual data the researchers managed to obtain comes from a Bitbucket repository that delivered the final stage payload, and it shows 220,000 Windows infections since February 2022. Since the repository was created in 2018, earlier data is unavailable. But Kaspersky estimates at least a million infections, especially since StripedFly targets both Windows and Linux endpoints.

There is no word on who might be behind this goliath of a platform. Kaspersky doesn’t explicitly say if it’s a state-sponsored player or not, but it does argue that this is most likely the work of an Advanced Persistent Threat (APT) and these are mostly state-sponsored, researchers would agree.

"The malware payload encompasses multiple modules, enabling the actor to perform as an APT, as a crypto miner, and even as a ransomware group," Kaspersky says in its report.

"Notably, the Monero cryptocurrency mined by this module reached its peak value at $542.33 on January 9, 2018, compared to its 2017 value of around $10. As of 2023, it has maintained a value of approximately $150."

"Kaspersky experts emphasize that the mining module is the primary factor enabling the malware to evade detection for an extended period."

More from TechRadar Pro

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A person at a laptop with a cybersecure lock symbol floating above it.
Cybercrime gang targets victims with "triple threat" attacks
A computer being guarded by cybersecurity.
Huge cyberattack found hitting vulnerable Microsoft-signed legacy drivers to get past security
Trojan
Microsoft warns of a devious new RAT malware which can avoid detection with apparent ease
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Microsoft reveals over a million PCs hit by malvertising campaign
A digital representation of a lock
Security experts are being targeted with fake malware discoveries
An American flag flying outside the US Capitol building against a blue sky
US military and defense contractors hit with Infostealer malware
Latest in Security
AI tools.
Not even fairy tales are safe - researchers weaponise bedtime stories to jailbreak AI chatbots and create malware
An Android phone being held in the hand
These malicious Android apps were installed over 60 million times - here's how to stay safe
ransomware avast
Billions of credentials were stolen from businesses around the world in 2024
Avast cybersecurity
An unpatched Windows zero-day flaw has been exploited by 11 nation-state attackers
ID theft
Hackers claim Orange attack, threaten to leak 1TB of data
A computer file surrounded by red laser beams
Free online file converters could infect your PC with malware, FBI warns
Latest in News
Student sat at a desk with a laptop in a dormitory looking at a mobile phone
Windows 11 could eventually help you understand how fast your PC is - as well as offer tips for making your PC or laptop faster for free
Veresa attacks an enemy in Genshin Impact.
Genshin Impact Version 5.5 arrives next week, adding a new five star character obsessed with food
Google Pixel 9a
Google just launched the Pixel 9a – and I reckon it embarrasses the iPhone 16e
AI tools.
Not even fairy tales are safe - researchers weaponise bedtime stories to jailbreak AI chatbots and create malware
Adobe Firefly
Adobe launches game-changing GenAI tools for video editing
Amrit Kaur and Reneé Rapp in The Sex Lives of College Girls.
Max cancels The Sex Lives of College Girls but the hit HBO show might find a new streaming home elsewhere
More about security
AI tools.

Not even fairy tales are safe - researchers weaponise bedtime stories to jailbreak AI chatbots and create malware
Avast cybersecurity

An unpatched Windows zero-day flaw has been exploited by 11 nation-state attackers
Walmart Presidents' Day sale 2025

Walmart is launching a Super Savings Week sale to combat Amazon – here are the top deals worth buying
See more latest
Most Popular
Veresa attacks an enemy in Genshin Impact.
Genshin Impact Version 5.5 arrives next week, adding a new five star character obsessed with food
AI tools.
Not even fairy tales are safe - researchers weaponise bedtime stories to jailbreak AI chatbots and create malware
Amrit Kaur and Reneé Rapp in The Sex Lives of College Girls.
Max cancels The Sex Lives of College Girls but the hit HBO show might find a new streaming home elsewhere
Student sat at a desk with a laptop in a dormitory looking at a mobile phone
Windows 11 could eventually help you understand how fast your PC is - as well as offer tips for making your PC or laptop faster for free
Jia-Xin "Jay" Zhong, a postdoctoral scholar of acoustics at Penn State, used a dummy with microphones in its ears to measure the presence or absence of sound along an ultrasonic trajectory.
A wild new sound tech promises to create 'personal' sound only you can hear, but without headphones
An AMD Ryzen processor slotted into a motherboard
It's not looking bright for next-gen systems using AMD's Medusa Point APUs - they reportedly won't use RDNA 4 architecture, potentially meaning no FSR 4
Avast cybersecurity
An unpatched Windows zero-day flaw has been exploited by 11 nation-state attackers
Google Pixel 9a
Google just launched the Pixel 9a – and I reckon it embarrasses the iPhone 16e
Adobe Firefly
Adobe launches game-changing GenAI tools for video editing
Wix Functions
Wix launches no-code tool to streamline business flows