Windows PCs targeted by new malware hitting a vulnerable driver

2 hours ago 2

A padlock icon next to a person working on a laptop.

(Image credit: Shutterstock)

Security researchers observed a new threat campaign dubbed SteelFox
It uses fake activators and cracks to deploy a vulnerable driver, an infostealer, and a cryptominer
The victims are found all over the world, from Brazil to China

Hackers are targeting Windows systems with malware that mines cryptocurrencies and steals sensitive information from the devices, experts have warned.

A new report from Kaspersky claims to have spotted tens of thousands of infected endpoints already, as the cybercriminals have started advertising fake cracks and activators for different commercial software, such as Foxit PDF Editor, JetBrains, or AutoCAD.

The fake cracks come with a vulnerable driver called WinRing0.sys. By adding this driver to the system, the victim reintroduces CVE-2020-14979 and CVE-2021-41285, three- and four-year-old vulnerabilities that grant the attackers highest possible privileges.

SteelFox

Through these vulnerabilities, the crooks are able to drop XMRig, one of the most popular cryptojackers out there. XMRig uses the victim’s computing power, electricity, and internet, to mine Monero and other cryptocurrencies, but renders the device practically useless for the owner. Crypto-mining aside, the hackers also drop an infostealer that can pull data from 13 web browsers, system information, data about the network it’s connected to, as well as RDP connection.

The browser data the infostealer grabs includes browsing history, session cookies, and credit card information. Although not specifically mentioned, it’s safe to assume the malware also steals information related to cryptocurrency wallet browser addons.

Kaspersky named the campaign “SteelFox” and claims to have observed and blocked SteelFox attacks 11,000 times so far - so we can speculate the number of attacks is a lot, lot higher.

The victims seem to be scattered all over the world, meaning that SteelFox operators are casting a wide net, with the majority of compromised endpoints found in Brazil, China, Russia, Mexico, UAE, Egypt, Algeria, Vietnam, India, and Sri Lanka.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Malicious cryptocurrency miners have been around for as long as blockchain itself, but with Bitcoin surging in price after the recent US presidential elections, we can probably expect to see more infections in the months to come.

Via BleepingComputer

Top NAS devices are being targeted by this dangerous malware
Here's a list of the best firewalls today
These are the best endpoint protection tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read Entire Article