DomSigurnosna arhitekturaBeware of SteelFox Malware Impersonating Popular Software to Swipe Browser Data

Beware of SteelFox Malware Impersonating Popular Software to Swipe Browser Data

Objavljeno na

spot_img

SteelFox Malware Continues to Target Software Pirates Worldwide

Recently, cybersecurity researchers at Securelist uncovered a new type of malware known as SteelFox, which has been circulating on online platforms and posing as legitimate software offerings such as Foxit PDF Editor, AutoCAD, and JetBrains. The malware specifically targets Microsoft Windows users who engage in downloading pirated software and using fake software activation tools, also known as cracks.

This malicious campaign, which first emerged in February 2023, utilizes a combination of cryptocurrency mining and data theft capabilities through deceptive software activation tools. The impact of SteelFox has already reached over 11,000 users across the globe, signifying a widespread threat to online security.

According to a blog post from Securelist, SteelFox is categorized as a sophisticated “crimeware bundle” that extracts sensitive data from infected devices, including credit card details, browsing history, and login information. Additionally, the malware gathers system information such as installed software, running services, and network configurations, creating a significant breach of privacy for affected users.

The initial point of entry for SteelFox is through fake software activators, which are promoted on various online forums and torrent trackers as a means to activate genuine software without cost. Once installed, the malware establishes a service within the system that persists even after reboots, utilizing a vulnerable driver to elevate its access privileges.

The operation of SteelFox follows a multi-stage attack process, starting with a dropper that necessitates administrator permissions for execution. Upon activation, the malware installs itself as a Windows service and employs AES-128 encryption to conceal its components. By leveraging vulnerable drivers, SteelFox gains system-level access and implements TLS 1.3 with SSL pinning for secure communications with its command servers.

Despite its sophisticated nature, SteelFox does not discriminate among its targets and aims to infect as many users as possible worldwide. To date, the malware has impacted individuals in over 10 countries, including the UAE, India, Brazil, China, Russia, Egypt, Algeria, Mexico, Vietnam, and Sri Lanka, emphasizing the global reach of this cyber threat.

In response to the escalating danger posed by SteelFox, security experts like James McQuiggan from KnowBe4 stress the importance of organizations exercising caution when downloading software and educating employees on cybersecurity awareness. McQuiggan underscores the necessity for organizations to verify software sources, enforce least user privilege access controls, and utilize endpoint protection to detect suspicious activities.

To safeguard against falling victim to SteelFox, users are advised to exclusively download software from official sources and employ a reputable security solution capable of detecting and preventing the installation of infected programs. Additionally, exercising caution when interacting with unknown links or attachments can help mitigate the risks associated with malware distribution.

As the prevalence of cyber threats like SteelFox continues to rise, it is imperative for individuals and organizations to remain vigilant and proactive in safeguarding their digital assets against malicious actors. By staying informed and implementing best practices for online security, users can reduce their susceptibility to harmful malware attacks and protect their sensitive information from unauthorized access.

Link na izvor

Najnoviji članci

Canadians Projected to Be Defrauded of Over $569M in 2024

In 2024, Canadian banks have experienced a significant decrease in reported fraud cases compared...

US Department of Defense Finalizes Cyber Rules for Suppliers

The Department of Defense (DoD) has faced pressure to adopt a more flexible approach...

CRON#TRAP Campaign Targets Windows Machine using Weaponized Linux Virtual Machine

A recent cybersecurity campaign has caught the attention of Securonix researchers, who discovered a...

New Malware Campaign Targets Windows Users via Gaming Apps

Cybersecurity experts have recently discovered a new strain of malware, Winos4.0, that is being...

Još ovako

Canadians Projected to Be Defrauded of Over $569M in 2024

In 2024, Canadian banks have experienced a significant decrease in reported fraud cases compared...

US Department of Defense Finalizes Cyber Rules for Suppliers

The Department of Defense (DoD) has faced pressure to adopt a more flexible approach...

CRON#TRAP Campaign Targets Windows Machine using Weaponized Linux Virtual Machine

A recent cybersecurity campaign has caught the attention of Securonix researchers, who discovered a...
hrCroatian