Windows PCs targeted by new malware hitting a vulnerable driver


  • Security researchers observed a new threat campaign dubbed SteelFox
  • It uses fake activators and cracks to deploy a vulnerable driver, an infostealer, and a cryptominer
  • The victims are found all over the world, from Brazil to China

Hackers are targeting Windows systems with malware that mines cryptocurrencies and steals sensitive information from the devices, experts have warned.

A new report from Kaspersky claims to have spotted tens of thousands of infected endpoints already, as the cybercriminals have started advertising fake cracks and activators for various commercial software, such as Foxit PDF Editor, JetBrains, or AutoCAD.

The fake cracks come bundled with a vulnerable driver called WinRing0.sys. By adding this driver to the system, the victim reintroduces CVE-2020-14979 and CVE-2021-41285, three- and four-year-old vulnerabilities that grant the attackers the highest possible privileges.
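A defender-side check for the driver described above, added here as an example and not taken from the article or from Kaspersky's report: it parses constructed Windows System log "service installed" records (Event ID 7045, flattened to one pipe-separated line each) and flags any kernel driver service whose image is WinRing0.sys, adding a note when the driver is loaded from outside the system driver directory, which is typical of bring-your-own-vulnerable-driver abuse. The field layout and the 64-bit file name WinRing0x64.sys are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample of Windows System log "service installed" events (Event ID 7045),
# flattened to one pipe-separated line each. Made-up records, not real telemetry.
SAMPLE_EVENTS = [
    "7045|ServiceName=WinRing0_1_2_0|ImagePath=C:\\Users\\alice\\AppData\\Local\\Temp\\WinRing0.sys|ServiceType=kernel mode driver|StartType=demand start",
    "7045|ServiceName=Spooler|ImagePath=C:\\Windows\\System32\\spoolsv.exe|ServiceType=user mode service|StartType=auto start",
    "7045|ServiceName=vmci|ImagePath=system32\\DRIVERS\\vmci.sys|ServiceType=kernel mode driver|StartType=boot start",
    "7045|ServiceName=HwMon|ImagePath=\\??\\C:\\ProgramData\\Foxit Crack\\WinRing0x64.sys|ServiceType=kernel mode driver|StartType=demand start",
]

# Image names of the vulnerable WinRing0 driver (the 64-bit build name is assumed, not from the article).
VULNERABLE_DRIVER_NAMES = ("winring0.sys", "winring0x64.sys")
# Kernel drivers normally live under the system driver directory; one loaded from a user-writable
# location (Temp, ProgramData, a user profile) is a stronger bring-your-own-vulnerable-driver signal.
SYSTEM_DIR_RE = re.compile(r"(?:^|\\)(?:windows\\)?system32\\drivers\\", re.IGNORECASE)

@dataclass
class Finding:
    service: str
    image_path: str
    reason: str

def parse_event(line):
    """Split one flattened event line into a dict of its fields."""
    event_id, _, rest = line.partition("|")
    fields = dict(part.split("=", 1) for part in rest.split("|"))
    fields["EventID"] = event_id
    return fields

def check_driver_install(event):
    """Return a Finding if the event installs the vulnerable driver, else None."""
    if event.get("EventID") != "7045" or event.get("ServiceType") != "kernel mode driver":
        return None
    path = event.get("ImagePath", "")
    name = path.rsplit("\\", 1)[-1].lower()
    if name not in VULNERABLE_DRIVER_NAMES:
        return None
    reason = "known vulnerable driver (WinRing0)"
    if not SYSTEM_DIR_RE.search(path):
        reason += "; loaded from outside the system driver directory"
    return Finding(event.get("ServiceName", "?"), path, reason)

def scan(lines):
    return [f for f in map(check_driver_install, map(parse_event, lines)) if f]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[!] service {f.service!r} -> {f.image_path}: {f.reason}")
```

On a real host the same logic applies to exported System log entries or to Sysmon driver-load events; a hit should be treated as a likely compromise of the whole machine, given the privileges the driver exposes.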

SteelFox

Through these vulnerabilities, the crooks are able to drop XMRig, one of the most popular cryptojackers out there. XMRig uses the victim's computing power, electricity, and internet to mine Monero and other cryptocurrencies, but renders the device practically useless for the owner. Crypto-mining aside, the hackers also drop an infostealer that can pull data from 13 web browsers, system information, information about the network it's connected to, as well as RDP connections.

The browser data the infostealer grabs includes browsing history, session cookies, and credit card information. Although not specifically mentioned, it's safe to assume the malware also steals information related to cryptocurrency wallet browser add-ons.

Kaspersky named the campaign "SteelFox" and claims to have observed and blocked SteelFox attacks 11,000 times so far - so we can estimate the real number of attacks is a lot, lot higher.

The victims appear to be scattered all over the world, meaning that the SteelFox operators are casting a wide net, with the majority of compromised endpoints found in Brazil, China, Russia, Mexico, UAE, Egypt, Algeria, Vietnam, India, and Sri Lanka.


Malicious cryptocurrency miners have been around for as long as blockchain itself, but with Bitcoin surging in value after the recent US presidential elections, we can most likely expect to see more infections in the months to come.

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he's written for many media outlets, including Al Jazeera Balkans. He's also held several modules on content writing for Represent Communications.
