The Bitcoin price has been all over the place for the last two years. It went from a high of $69,000 a few years ago to $34,000 now. But that has not stopped people from trying to make their own digital money through crypto mining.
But this route to making money with cryptocurrency has its snags. Some people who love crypto have fallen into traps set by fake websites pretending to be real crypto mining platforms. These fake sites contain spyware.
One of the latest cases is something called StripedFly. It’s a super-devious spy platform that pretends to be a cryptocurrency miner. It infected over a million people worldwide, according to a report from a cybersecurity company called Kaspersky Lab.
The researchers at Kaspersky Lab found out about the StripedFly malware in August 2017. It was made to steal important information like passwords, financial details, and even secret government stuff. The stolen data was sent back to the bad guys’ servers, and that opened the door to lots of bad things like stealing identities, committing financial fraud, and even espionage.
The people who created StripedFly tricked others by making the malware look like a real cryptocurrency mining app. This made it hard for security experts and antivirus programs to find it for a long time.
When StripedFly got into someone’s computer, it looked like it was mining cryptocurrency for the people who created it. But that was just a trick. Its real goal was to spy on people and take their personal information.
At first, the researchers didn’t think this malware was a big deal. They thought it was just a cryptocurrency miner made by cybercriminals, but not a very successful one. In 2017, it only made $10 by mining Monero cryptocurrency, and about $500 in 2018.
However, the Kaspersky researchers became more interested in 2022, when newer versions of the miner appeared on the computers of government agencies and big companies worldwide, which are not typical targets for cryptocurrency miners.
After looking closer, they found out that the miner was a cover for a very advanced spy platform that has infected over a million people globally since 2017. In 2023, Kaspersky Lab exposed StripedFly, but by then, it had already caused billions of dollars in damages.
Finding out about StripedFly shows that cybercriminals are always changing their methods to harm people. It’s a big reminder of the need to be very careful about cybersecurity and to protect our devices and important information.
Sergey Lozhkin, a principal security researcher at Kaspersky, said that their software found something bad in the WININIT.EXE process on people’s computers. It was similar to the code used by hackers in a group called Equation. This made them connect it back to their discovery of the cryptocurrency miner in 2017.
This cryptocurrency miner is just one part of a bigger and more complex platform known as StripedFly. It works on both Windows and Linux systems and has many plugins that give the attackers a lot of spying abilities. While this kind of thing is common in spying platforms used by countries, it’s not usual in criminal malware, which is what the researchers first thought the cryptocurrency miner was.
According to Lozhkin, StripedFly looks like it’s related to Equation Group malware in its coding style and practices. This group’s activities were revealed in 2013 by Edward Snowden. However, there’s no direct proof linking StripedFly to the NSA.
But Lozhkin said, “The effort put into making this framework is really impressive, and its discovery was surprising.” His team had previously shared information about StripedFly in a private report last year but plans to show their findings publicly for the first time at a security conference.