According to a security report recently released by Kaspersky, a complex cross-platform malware platform called StripedFly has been observed infecting more than 1 million Windows and Linux devices over the past five years.
StripedFly hides its traffic with a complex Tor-based mechanism, can update itself automatically from trusted platforms, has worm-like propagation capabilities, and carries its own exploit for the EternalBlue SMBv1 vulnerability.
Kaspersky said it was unclear whether StripedFly was used for revenue generation or cyber espionage, but that its level of sophistication suggested it was APT (advanced persistent threat) malware.
According to the malware's compiler timestamp, the earliest known version of StripedFly containing the EternalBlue exploit dates to April 2016.
The StripedFly malware framework was first identified after Kaspersky found that the platform's shellcode had been injected into the WININIT.EXE process, a legitimate Windows operating system process that handles the initialization of various subsystems.
“The malware payload contains multiple modules that enable attackers to act as APTs, cryptocurrency miners, or even ransomware groups,” Kaspersky said in the report.
The original text of the Kaspersky report is here. Interested users can read it in depth.