Phuket (Thailand) | Cybersecurity firm Kaspersky on Thursday cautioned against the StripedFly malware, saying it has affected over a million people across the world in the past six years.
Initially, StripedFly was acting as a cryptocurrency miner, but it turned out to be a complex malware with a multi-functional wormable framework, the Russia-based entity said in a report released here.
The report said, "Kaspersky experts have uncovered previously unknown, highly sophisticated StripedFly malware with global reach affecting over a million victims since at least 2017."
"The malware payload encompasses multiple modules, enabling the actor to perform as an APT, as a crypto miner, and even as a ransomware group, potentially expanding its motives from financial gain to espionage," it said.
The actor behind this operation has acquired extensive capabilities to clandestinely spy on victims, Kaspersky said.
The malware harvests credentials every two hours, pilfering sensitive data such as site and Wi-Fi login credentials, along with personal data such as name, address, phone number, company and job title.
Furthermore, the malware can capture screenshots on the victim's device without detection, gain significant control over the machine, and even record microphone input.
"Threat actors' ability to adapt and evolve is a constant challenge, which is why it's so important for us as researchers to continue to dedicate our efforts to uncovering and disseminating sophisticated cyber threats and for customers not to forget about comprehensive protection," Sergey Lozhkin, Principal Security Researcher at Kaspersky's Global Research and Analysis Team (GReAT), said.
Kaspersky researchers have also suggested a few measures that would help prevent attacks by the StripedFly malware.
"In order to avoid falling victim to a targeted attack by a known or unknown threat attacker, update your operating system, applications, and antivirus software regularly to patch any known vulnerabilities," they added.
The experts also suggest verifying the sender's identity before sharing any personal details or clicking on suspicious links, and remaining cautious of emails, messages, or calls asking for sensitive information.
Headquartered in Moscow, Kaspersky is a global cybersecurity and digital privacy company. Its security portfolio includes leading end-point protection, specialised security products and services, as well as cyber-immune solutions to fight sophisticated and evolving digital threats.