2y ago

Powerful Malware Disguised as Crypto Miner Infects 1M+ Windows, Linux PCs

www.pcmag.com

Antivirus provider Kaspersky uncovers a sophisticated piece of 'StripedFly' malware camouflaged as a cryptocurrency miner that's been targeting PCs for more than five years.

55 comments

this makes use of an old windows specific vulnerability. Linux is only mentioned on the title, not again in the whole article. clickbait.
edit: downvote me if you want, but the original article didn't say a thing about Linux.
- https://www.bleepingcomputer.com/news/security/stripedfly-malware-framework-infects-1-million-windows-linux-hosts/
  On Linux, the malware assumes the name 'sd-pam'. It achieves persistence using systemd services, an autostarting .desktop file, or by modifying various profile and startup files, such as /etc/rc*, profile, bashrc, or inittab files.
  
  That's from a completely different article.
  And it doesn't say how this is achieved without already having root privilegies. I'm not sure I believe this can in fact infect a Linux system, except if it's already heavily compromised, for instance by a user logging in as root as default.
- It does include this:
  quietly spread across a victim’s network, including to Linux machines.
  But that's a completely ridiculous lack of detail of any actual vulnerability. Smells like bullshit.
  The quote from OP is from a different article.
  
  I wasn't intentionally trying to imply that it came from the article. That's why I posted the naked link. I wasn't really thinking about the Linux component when I posted the article.
- It does though: "On Linux, the malware assumes the name 'sd-pam'. It achieves persistence using systemd services, an autostarting .desktop file, or by modifying various profile and startup files, such as  /etc/rc*, profile, bashrc, or inittab files."
  So technically useless . it can't do shit.
  
  It can pwn poorly configured dev systems.
Malware disguised as malware? Interesting
- It's always the one you least suspect, like disguising yourself as an impersonation of yourself.
- It's just malware all the way down
  
  Malware turtles?
- It's like inception
According to Kaspersky, StripedFly uses its own custom EternalBlue attack to infiltrate unpatched Windows systems and quietly spread across a victim’s network, including to Linux machines.
Yeah I call bullshit on that. Absolutely zero description of any vulnerability.
- This is a different article but you should find at least some more information on how the malware works with Linux here:
  https://www.bleepingcomputer.com/news/security/stripedfly-malware-framework-infects-1-million-windows-linux-hosts/
  I'm not a Linux user so I honestly don't know if that article is incredibly helpful or not.
  
  From what it's describing, it sounds like it would only impact Linux computers that allow SMB1 access, such as domain-joined systems with samba access allowed. It sounds like this would target mainly enterprise Linux deployments but home Linux setups should be fine for the most part.
  
  From the part you quoted earlier, it's absolutely useless, and not worth reading.
- I don't know why op did not want to share the original report, but it is linked in the article: https://securelist.com/stripedfly-perennially-flying-under-the-radar/110903/
- I too am struggling to find the actual Linux vuln. It sounds like it steals ssh keys, so maybe just poorly configured hosts?
  
  You should always have a file your home folder named SSH keys and Root password. /s
  That's not just poor configuration, that's complete disregard for security.
  
  deleted by creator
- I won’t argue about the legitimacy of crypto simply because I don’t care enough but you have to be fucking stupid to run non-FOSS crypto miners and instead go with something proprietary like this and then be surprised it fucks up your shit.
  
  Is there a difference between FLOSS & FOSS? Besides the word libre?
  
  I don’t care enough but you have to be fucking stupid to run ~~non-FOSS~~ crypto miners
  Fixed that for you.
Why would the article not share the name of the miner in question?
- magician never reveals his secrets

55 comments