Malware and flies share one thing in common: they’re pesky. However, while flies help the ecosystem, the Striped Fly malware is nothing but trouble. 

Striped Fly has recently hit the headlines, but Kaspersky has revealed they’ve found evidence of its malicious activity dating back to 2017. Unfortunately, no one had been aware of its true identity until now. This means Striped Fly has enjoyed a five-year campaign where not even a single security researcher knew of its existence. And Kaspersky estimate that this invisibility has allowed it to infect over one million Windows and Linux hosts.  

In 2017, Striped Fly was mistakenly labelled as a cryptocurrency miner, falling under the Monero trojan family. Subsequent findings, however, have revealed that Striped Fly is much more sophisticated. 

What is Striped Fly?

Striped Fly’s exact mechanism is not fully understood at present, but researchers believe they know how it operates. It’s suspected that the threat actors exploited an EternalBlue SMBv1 exploit to gain a foothold in internet facing PCs. After discovering evidence of Striped Fly within the WININIT.exe application – used to help load subsystems within Windows – Kaspersky determined that it then downloads further files. 

These files typically come from online software depositories such as GitHub and BitBucket. These are used to build the final Striped Fly payload. Cleverly, Striped Fly comes with Tor network capabilities to encrypt its communications. Tor, of course, is an internet router service used to encrypt data transferred over its network. And this is part of the reason why Striped Fly remained hidden for so long. 

The main talking point about Striped Fly is its sophistication and wide range of functions. Striped Fly is capable of harvesting login credentials, taking unauthorized screenshots of infected devices, stealing Wi-Fi network configuration details, transferring files to remote sources, and recording microphone output. Clearly, it poses a significant threat to all PC users. 

Swatting Striped Fly Away 

Striped Fly’s half-decade long campaign has proved to be highly successful. Accordingly, your organization needs to be on its guard against Striped Fly and any similar threats. Kaspersky hasn’t revealed a specific fix for Striped Fly but, as ever, vigilance and good security practices are key. So, make sure the following is part of your established cybersecurity strategy: 

For more ways to secure and optimize your business technology, contact your local IT professionals. 

Read More


As the popularity of AI apps soars, the latest being Google’s Bard, it’s becoming clearer that threat actors are taking advantage of this popularity.

The latest attack to be launched revolves around BundleBot, a new brand of malware which is as stealthy as it is dangerous. Bundlebot is typically found lurking within Facebook ads that promise to take you to websites containing AI utilities and games. These websites, however, are malicious. Users report that these malicious websites are similar, in terms of design, to Bard, but their main objective is to encourage users to download malicious files, most typically hosted on an external storage site such as Dropbox.

As we become more and more interested in AI, it’s important that we remain on guard against threats such as BundleBox, so let’s take a more in-depth look at what it is.

The Lowdown on BundleBox

Once the malicious file – an RAR archive file often named Google_AI.rar – is downloaded and executed, the BundleBox campaign begins. Within this archive file, is an executable file called GoogleAI.exe which, once activated, retrieves a ZIP file (ADSNEW-1.0.0.3.zip). Once opened, this ZIP file contains a further application by the name of RiotClientServices.exe. This executable is used to fully launch, through the use of a .dll file, the BundleBox attack.

Thanks to junk code being built into Bundlebox’s design, it is able to operate stealthily and away from the attentions of anti-malware software. While it remains hidden, BundleBox utilizes a ‘command and control’ function to steal sensitive data and transmit it to a remote location. The perpetrators behind BundleBox, currently, remain a mystery, but it’s believed they are from Vietnam, due to similar Vietnamese-based attacks being launched through Facebook in recent months.

Staying Safe from BundleBox and Similar Threats

There is no definitive solution to a BundleBox infection at present, but there are plenty of ways you can protect your PCs from falling victim. Make sure that your organization enforces the following:

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More