Security Week 2446: исследование троянской программы SteelFox

Метод распространения вредоносного ПО вместе с утилитами для взлома легитимных программ уверенно можно назвать таким же старым, как и сеть Интернет. Это не значит, что данный прием не работает. В свежем исследовании специалисты «Лаборатории Касперского» подробно разбирают особенности троянской программы SteelFox . Распространяется она вместе с «кряками» популярного программного обеспечения, например для утилиты Foxit PDF Editor, решений компании JetBrains или для ПО AutoCAD. Это классическая массовая атака на обычных пользователей, которая была зафиксирована во множестве стран, но чаще всего — в Бразилии, Китае и России. Ссылки на SteelFox распространяются на форумах и через популярные торрент-трекеры. Если такой «кряк» скачать, он выполнит обещанное, но также установит в систему код для кражи персональных данных и майнинга криптовалют.

https://habr.com/ru/companies/kaspersky/articles/857686/

#steelfox

Good day everyone!

Today's #readoftheday is sponsored by the #SteelFox Trojan that was discovered by Kaspersky in August 2024 but had been active since February 2023. It abuses Windows services and drivers and is able to steal data, mine cryptocurrency, elevate privileges, and gains persistence to maintain a foothold in the victims environment.

According to the report, the SteelFox malware enters the victim's environment through various publications on forums and torrent trackers that masquerade as a way to activate legitimate software for free. Once downloaded and executed the malware may ask for administrative privileges to install itself in the expected or legitimate location. That is when malicious code follows and sets up the second-stage payload and creates a Windows service as means of persistence. Once active it can steal browser cookies, credit card info, browsing history, and more! Plus, it also may drop a miner, XMRig, that will mine cryptocurrency for the bad guys!

Hunting opportunities include hunting for legitimate software in abnormal locations, creation of new services that don't go along with naming conventions established in your environment, and abnormal connections over DNS or HTTPS. Enjoy and Happy Hunting!

New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency
https://securelist.com/steelfox-trojan-drops-stealer-and-miner/114414/

Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting Cyborg Security, Now Part of Intel 471

New #SteelFox #malware is using the “bring your own vulnerable driver” technique to steal credit card info & mine cryptocurrency. It's being distributed in forums & torrent trackers as a crack tool that activates legitimate software like Foxit PDF Editor, JetBrains, & AutoCAD. https://www.bleepingcomputer.com/news/security/new-steelfox-malware-hijacks-windows-pcs-using-vulnerable-driver/

#cybersecurity #DFIR #IT #CISO #security #infosec #IT security

🦊 Think you're safe because you only download "trusted" software? Think again! The SteelFox Trojan hides in popular software activators, sneaking into systems, stealing data, and mining crypto in the background. One quick tip: Stick to official sources for downloads—those "free" activators can cost you!

What precautions do you take when downloading software? Let's share our best practices. Read more about SteelFox and protect your system from lurking threats: https://guardiansofcyber.com/threats-vulnerabilities/steelfox-trojan/

#Cybersecurity #GuardiansOfCyber #DataProtection #TrojanAlert #DigitalSafety #MalwarePrevention #StaySecure #DataTheft #CryptoMining #SteelFox