Malware and flies share one thing in common: they’re pesky. However, while flies help the ecosystem, the Striped Fly malware is nothing but trouble.
Striped Fly has recently hit the headlines, but Kaspersky has revealed evidence of its malicious activity dating back to 2017. Until now, no one had been aware of its true identity, which means Striped Fly enjoyed a five-year campaign during which not a single security researcher knew of its existence. Kaspersky estimates that this invisibility has allowed it to infect over one million Windows and Linux hosts.
In 2017, Striped Fly was mistakenly labelled as a cryptocurrency miner belonging to the Monero trojan family. Subsequent findings, however, have revealed that Striped Fly is far more sophisticated.
What is Striped Fly?
Striped Fly’s exact mechanism is not fully understood at present, but researchers believe they know how it operates. The threat actors are suspected of using the EternalBlue SMBv1 exploit to gain a foothold on internet-facing PCs. After discovering evidence of Striped Fly within WININIT.exe (the Windows process that helps load subsystems at startup), Kaspersky determined that it then downloads further files.
These files typically come from online code repositories such as GitHub and Bitbucket, and they are used to build the final Striped Fly payload. Cleverly, Striped Fly comes with built-in Tor network capabilities to encrypt its communications. Tor is an anonymity network that routes traffic through a chain of encrypted relays, hiding where it came from and where it is going, and this is part of the reason why Striped Fly remained hidden for so long.
The main talking point about Striped Fly is its sophistication and wide range of functions. Striped Fly is capable of harvesting login credentials, taking unauthorized screenshots of infected devices, stealing Wi-Fi network configuration details, transferring files to remote servers, and recording microphone audio. Clearly, it poses a significant threat to all PC users.
Swatting Striped Fly Away
Striped Fly’s half-decade-long campaign has proved to be highly successful. Accordingly, your organization needs to be on its guard against Striped Fly and any similar threats. Kaspersky hasn’t revealed a specific fix for Striped Fly but, as ever, vigilance and good security practices are key. So, make sure the following is part of your established cybersecurity strategy:
- Install all updates: Kaspersky believes that Striped Fly launched its initial attack by exploiting a vulnerability. Therefore, installing all updates needs to be a priority for your organization. If there’s a hole in your defenses, you need to plug it, and an unpatched vulnerability is a huge hole.
- Screen all attachments: screening every email attachment is a vital part of protecting businesses against malware. Attachments can often carry a malicious payload such as a phishing lure, a cryptocurrency miner or a trojan. Accordingly, employees should always know what to question before opening an email attachment.
- Use network security tools: installing firewalls and ensuring that your Wi-Fi networks are secured is a sure-fire way to protect yourself against the threat of malware. Striped Fly, after all, sought out Wi-Fi details and transmitted stolen files across compromised networks. A properly configured firewall reduces the likelihood of malware being able to operate effectively.
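Since the suspected initial foothold was the EternalBlue SMBv1 exploit, one concrete check that belongs alongside "install all updates" is confirming that SMBv1 is actually turned off on your Windows hosts. The script below is an added example written for this post, not Kaspersky's or Microsoft's code; it assumes a Windows 8/10/11-style host with the built-in SmbShare module and the `SMB1Protocol` optional feature, and must be run from an elevated PowerShell session.

```powershell
# Added example (not from the original post): audit whether SMBv1, the protocol
# EternalBlue targets, is still enabled on this host, and optionally disable it.
# Assumes a client SKU where the DISM feature is named SMB1Protocol; on Windows
# Server the equivalent feature is FS-SMB1 (Get-WindowsFeature). Run elevated.
[CmdletBinding()]
param(
    [switch]$Disable   # pass -Disable to remediate instead of only reporting
)

function Get-Smb1Status {
    # Server-side protocol switch exposed by the SmbShare module.
    $server = (Get-SmbServerConfiguration).EnableSMB1Protocol
    # Optional feature that ships the SMB1 client/server binaries themselves.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
        -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ServerEnableSMB1Protocol = $server
        FeatureState             = if ($feature) { $feature.State } else { 'NotPresent' }
    }
}

$status = Get-Smb1Status
$status | Format-List

# Either indicator alone means the legacy protocol is still reachable.
$exposed = $status.ServerEnableSMB1Protocol -or ($status.FeatureState -eq 'Enabled')
if (-not $exposed) {
    Write-Host 'SMBv1 is disabled on this host.'
    return
}

Write-Warning 'SMBv1 is still enabled; this is the protocol EternalBlue exploits.'
if ($Disable) {
    # Turn off the server-side switch first, then remove the feature binaries.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    Write-Host 'SMBv1 disabled; a reboot completes removal of the feature.'
}
```

Run it without arguments from your endpoint management tool to inventory exposure across the fleet, then rerun with `-Disable` on hosts that report SMBv1 enabled.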
For more ways to secure and optimize your business technology, contact your local IT professionals.