The EternalBlue vulnerability is widely known. It was disclosed by the hacker group The Shadow Brokers in April 2017 and triggered the WannaCry ransomware outbreak.
However, Kaspersky points out that researchers estimate more than 1 million computers around the world still have the relevant vulnerabilities, and that from April to September this year nearly 60,000 computers were compromised because of them.
Kaspersky also recently disclosed a malicious Trojan called StripedFly that is said to have existed for more than 5 years. Researchers first discovered in 2022 that the related malicious code had been injected into the victim's Wininit.exe process.
This code had previously appeared in the Equation Trojan, but security companies at the time mistook it for a mining program. Kaspersky has now found that the code is not only capable of mining but also deploys StripedFly, a Trojan that exploits the EternalBlue vulnerability.
According to the Kaspersky report, the malicious code downloads a series of disguised Trojans from Bitbucket, GitHub, and GitLab. In the process it uses the EternalBlue vulnerability (CVE-2017-0144), disclosed in 2017, ultimately deploying StripedFly on the victim's computer.
StripedFly can reportedly execute any code the attackers deploy and spread itself over SSH to Windows and Linux computers on the same network, extending the attack to more devices.