Shulou(Shulou.com)11/24 Report--

CTOnews.com, Oct. 28, according to a recent security report released by Kaspersky, over the past five years, more than 1 million Windows and Linux devices have been infected by monitoring a complex cross-platform malware platform called StripedFly.

StripedFly adopts complex traffic hiding mechanism based on TOR, which can be updated automatically from trusted platform, and has worm-like propagation function, and creates EternalBlue SMBv1 vulnerabilities.

Kaspersky said it was not clear whether StripedFly was used for revenue generation or cyber espionage, and the complexity suggested it was a form of APT malware.

According to the compiler timestamp of the malware, the earliest known version of StripedFly with an EternalBlue vulnerability was in April 2016.

The StripedFly malware framework was first discovered after Kaspersky discovered that the platform's shellcode was injected into the WININIT.EXE process, a legitimate Windows operating system process that handles the initialization of various subsystems.

"the malware payload contains multiple modules that allow attackers to act as APT, cryptocurrency miners and even blackmail software organizations," Kaspersky said in the report.

The original text of the Kaspersky report is attached to CTOnews.com, which can be read in depth by interested users.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.