
New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency

Category: Details

Threat Actors: Unattributed (crimeware authors behind "SteelFox").
Campaign Overview: SteelFox crimeware bundle distributed via malicious torrents and forums, imitating legitimate software such as Foxit PDF Editor, AutoCAD, and JetBrains products.
Target Regions (Victims): Likely global, targeting individuals and organizations through pirated software.
Methodology: Distribution through torrents and forums; abuse of Windows services and drivers, privilege escalation via vulnerable drivers, and persistence mechanisms.
Product Targeted: Windows systems.
Malware Reference: SteelFox (bundle), FoxitCrack.exe (dropper), XMRig (modified miner), WinRing0.sys driver.
Tools Used: AES-128 encryption (with AES-NI extensions), Boost.Asio library, XMRig miner, shellcode injection, vulnerable WinRing0.sys driver.
Vulnerabilities Exploited: CVE-2020-14979, CVE-2021-41285.
TTPs: Use of malicious droppers, AES-encrypted payloads, dynamic IP domains, exploitation of vulnerable drivers, and cryptocurrency mining.
Attribution: Unknown; suspected financially motivated cybercriminal group.
Recommendations: Avoid pirated software, monitor for signs of mining activity, keep drivers patched and block known-vulnerable drivers, and use endpoint detection tools.
Source: Securelist by Kaspersky.

Read full article: https://securelist.com/steelfox-trojan-drops-stealer-and-miner/114414/

Disclaimer: The above summary has been generated by an AI language model
