Stripedfly Malware Framework Infects One Million Windows, Linux Hosts

A sophisticated malware platform called StripedFly has been infecting over a million Windows and Linux systems for the past five years. Initially mistaken for a Monero cryptocurrency miner, it was discovered by Kaspersky last year. StripedFly is described as an advanced persistent threat (APT) malware due to its complexity. It features TOR-based traffic concealing mechanisms, automated updating, worm-like spreading capabilities, and an EternalBlue SMBv1 exploit created before the flaw was disclosed. The malware's purpose, whether for revenue generation or cyber espionage, remains uncertain. It infects devices using the EternalBlue exploit and uses a custom lightweight TOR network client for communication. StripedFly has infected at least 220,000 Windows systems since February 2022, with an estimated total of over 1 million infected devices. The malware operates as a monolithic binary executable with various modules, including a Monero mining module that serves as a diversion. The researchers also found links to the ransomware variant ThunderCrypt, suggesting potential revenue generation motives.