Malware that was initially thought to be a crypto miner has been discovered to be a sophisticated spy platform.

The malware framework is named StripedFly, and it has flown under the radar of security researchers for over 5 years. First detected in 2017, it was incorrectly classified and widely dismissed as largely ineffective crypto-mining malware. It turns out that crypto mining was only one of this malware's many capabilities. The malware comes equipped with a built-in Tor network tunnel for communication with its command servers. It also uses trusted services such as GitHub, GitLab and Bitbucket for its update and delivery functionality. Security researchers described the malware as nothing short of impressive and say that, while it is unclear whether the framework is used for revenue generation or cyber espionage, its level of sophistication indicates that this is APT (Advanced Persistent Threat) malware. The malware has infected over a million Windows and Linux systems.

This segment was created for the It’s 5:05 podcast