Category | Details |
---|---|
Threat Actors | Unattributed (Crimeware authors behind “SteelFox”). |
Campaign Overview | SteelFox crimeware bundle distributed via malicious torrents and forums, imitating legitimate software like Foxit PDF Editor, AutoCAD, and JetBrains. |
Target Regions (Victims) | Likely global, targeting individuals and organizations through pirated software. |
Methodology | Distribution through torrents and forums; abuse of Windows services and drivers, privilege escalation via a vulnerable driver, and persistence mechanisms. |
Product Targeted | Windows systems |
Malware Reference | SteelFox (bundle), FoxitCrack.exe (dropper), XMRig (modified miner), WinRing0.sys driver |
Tools Used | AES-128 encryption (with AES-NI extensions), Boost.Asio library, XMRig miner, shellcode injection, vulnerable WinRing0.sys driver. |
Vulnerabilities Exploited | CVE-2020-14979, CVE-2021-41285 |
TTPs | Use of malicious droppers, AES-encrypted payloads, dynamic IP domains, exploitation of vulnerable drivers, and mining cryptocurrency. |
Attribution | Unknown; suspected financially motivated cybercriminal group. |
Recommendations | Avoid using pirated software, monitor for signs of mining activity, enforce driver security patches, and use endpoint detection tools. |
Source | Securelist by Kaspersky |
Read full article: https://securelist.com/steelfox-trojan-drops-stealer-and-miner/114414/
Disclaimer: The above summary has been generated by an AI language model