1. Forum
  2. tqw
  3. TQW GENTECH

  • Windows PCs targeted by new malware hitting a vulnerable driver

    From TechnologyDaily@1337:1/100 to All on Thursday, November 07, 2024 13:15:05
    Windows PCs targeted by new malware hitting a vulnerable driver

    Date:
    Thu, 07 Nov 2024 13:06:00 +0000

    Description:
    Victims of SteelFox malware are scattered all over the world.

    FULL STORY ======================================================================Security
    researchers observed a new threat campaign dubbed SteelFox It uses fake activators and cracks to deploy a vulnerable driver, an infostealer, and a cryptominer The victims are found all over the world, from Brazil to China

    Hackers are targeting Windows systems with malware that mines
    cryptocurrencies and steals sensitive information from the devices, experts have warned.

    A new report from Kaspersky claims to have spotted tens of thousands of infected endpoints already, as the cybercriminals have started advertising fake cracks and activators for different commercial software, such as Foxit PDF Editor, JetBrains, or AutoCAD.

    The fake cracks come with a vulnerable driver called WinRing0.sys. By adding this driver to the system, the victim reintroduces CVE-2020-14979 and CVE-2021-41285, three- and four-year-old vulnerabilities that grant the attackers highest possible privileges. SteelFox

    Through these vulnerabilities, the crooks are able to drop XMRig, one of the most popular cryptojackers out there. XMRig uses the victims computing power, electricity, and internet, to mine Monero and other cryptocurrencies, but renders the device practically useless for the owner. Crypto-mining aside,
    the hackers also drop an infostealer that can pull data from 13 web browsers, system information, data about the network its connected to, as well as RDP connection.

    The browser data the infostealer grabs includes browsing history, session cookies, and credit card information. Although not specifically mentioned,
    its safe to assume the malware also steals information related to cryptocurrency wallet browser addons.

    Kaspersky named the campaign SteelFox and claims to have observed and blocked SteelFox attacks 11,000 times so far - so we can speculate the number of attacks is a lot, lot higher.

    The victims seem to be scattered all over the world, meaning that SteelFox operators are casting a wide net, with the majority of compromised endpoints found in Brazil, China, Russia, Mexico, UAE, Egypt, Algeria, Vietnam, India, and Sri Lanka.

    Malicious cryptocurrency miners have been around for as long as blockchain itself, but with Bitcoin surging in price after the recent US presidential elections, we can probably expect to see more infections in the months to come.

    Via BleepingComputer You might also like Top NAS devices are being targeted by this dangerous malware Here's a list of the best firewalls today These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/windows-pcs-targeted-by-new-malware-hit ting-a-vulnerable-driver


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)