- Security researchers observed a new threat campaign dubbed SteelFox
- It uses fake activators and cracks to deploy a vulnerable driver, an infostealer, and a cryptominer
- The victims are found all over the world, from Brazil to China
Hackers are targeting Windows systems with malware that mines cryptocurrencies and steals sensitive information from the devices, experts have warned.
A new report from Kaspersky claims to have spotted tens of thousands of infected endpoints already, as the cybercriminals have started advertising fake cracks and activators for different commercial software, such as Foxit PDF Editor, JetBrains, or AutoCAD.
The fake cracks come with a vulnerable driver called WinRing0.sys. By adding this driver to the system, the victim reintroduces CVE-2020-14979 and CVE-2021-41285, three- and four-year-old vulnerabilities that grant the attackers highest possible privileges.
SteelFox
Through these vulnerabilities, the crooks are able to drop XMRig, one of the most popular cryptojackers out there. XMRig uses the victim’s computing power, electricity, and internet, to mine Monero and other cryptocurrencies, but renders the device practically useless for the owner. Crypto-mining aside, the hackers also drop an infostealer that can pull data from 13 web browsers, system information, data about the network it’s connected to, as well as RDP connection.
The browser data the infostealer grabs includes browsing history, session cookies, and credit card information. Although not specifically mentioned, it’s safe to assume the malware also steals information related to cryptocurrency wallet browser addons.
Kaspersky named the campaign “SteelFox” and claims to have observed and blocked SteelFox attacks 11,000 times so far - so we can speculate the number of attacks is a lot, lot higher.
The victims seem to be scattered all over the world, meaning that SteelFox operators are casting a wide net, with the majority of compromised endpoints found in Brazil, China, Russia, Mexico, UAE, Egypt, Algeria, Vietnam, India, and Sri Lanka.
Malicious cryptocurrency miners have been around for as long as blockchain itself, but with Bitcoin surging in price after the recent US presidential elections, we can probably expect to see more infections in the months to come.
Via BleepingComputer
You might also like
- Top NAS devices are being targeted by this dangerous malware
- Here's a list of the best firewalls today
- These are the best endpoint protection tools right now
