Antivirus provider Kaspersky uncovers a sophisticated piece of ‘StripedFly’ malware camouflaged as a cryptocurrency miner that’s been targeting PCs for more than five years.
Malware disguised as malware? Interesting
Powerful Malware Disguised as Crypto Miner Infects 1M+ Windows, Linux PCs
Submitted 1 year ago by Salamendacious@lemmy.world to technology@lemmy.world
https://www.pcmag.com/news/powerful-malware-disguised-as-crypto-miner-infects-1m-plus-windows-linux
Comments
mojo@lemm.ee 1 year ago
MargotRobbie@lemm.ee 1 year ago
Salamendacious@lemmy.world 1 year ago
It’s like inception
Buffalox@lemmy.world 1 year ago
According to Kaspersky, StripedFly uses its own custom EternalBlue attack to infiltrate unpatched Windows systems and quietly spread across a victim’s network, including to Linux machines.
Yeah I call bullshit on that.
Salamendacious@lemmy.world 1 year ago
This is a different article but you should find at least some more information on how the malware works with Linux here:
bleepingcomputer.com/…/stripedfly-malware-framewo…
I’m not a Linux user so I honestly don’t know if that article is incredibly helpful or not.
girsaysdoom@sh.itjust.works 1 year ago
From what it’s describing, it sounds like it would only impact Linux computers that allow SMB1 access, such as domain-joined systems with samba access allowed. It sounds like this would target mainly enterprise Linux deployments.
Buffalox@lemmy.world 1 year ago
From what you wrote originally, it’s absolutely useless, and not worth reading.
tja@sh.itjust.works 1 year ago
I don’t know why op did not want to share the original report, but it is linked in the article: securelist.com/…/110903/
Socsa@sh.itjust.works 1 year ago
I took am struggling to find the actual Linux vuln. It sounds like it steals ssh keys, so maybe just poorly configured hosts?
Buffalox@lemmy.world 1 year ago
You should always have a file your home folder named SSH keys and Root password. /s
That’s not just poor configuration, that’s complete disregard for security.
ianovic69@feddit.uk 1 year ago
cryptocurrency miner
There seems to be a simple and obvious way around this, or do we still think crypto stuff isn’t a fucked up load of bollocks for cunts?
CriticalMiss@lemmy.world 1 year ago
I won’t argue about the legitimacy of crypto simply because I don’t care enough but you have to be fucking stupid to run non-FOSS crypto miners and instead go with something proprietary like this and then be surprised it fucks up your shit.
Lucidlethargy@sh.itjust.works 1 year ago
I don’t care enough but you have to be fucking stupid to run
non-FOSScrypto minersFixed that for you.
Salamendacious@lemmy.world 1 year ago
Is there a difference between FLOSS & FOSS? Besides the word libre?
Immersive_Matthew@sh.itjust.works 1 year ago
Why would the article not share the name of the miner in question?
affiliate@lemmy.world 1 year ago
magician never reveals his secrets
sir_reginald@lemmy.world 1 year ago
this makes use of an old windows specific vulnerability. Linux is only mentioned on the title, not again in the whole article. click bait.
Salamendacious@lemmy.world 1 year ago
bleepingcomputer.com/…/stripedfly-malware-framewo…
Buffalox@lemmy.world 1 year ago
That’s from a completely different article.
And it doesn’t say how this is achieved without already having root privilegies. I’m not sure I believe this can in fact infect a Linux system, except if it’s already heavily compromised, for instance by a user logging in as root as default.
hornedfiend@sopuli.xyz 1 year ago
It does though: “On Linux, the malware assumes the name ‘sd-pam’. It achieves persistence using systemd services, an autostarting .desktop file, or by modifying various profile and startup files, such as /etc/rc*, profile, bashrc, or inittab files.”
So technically useless . it can’t do shit.
Socsa@sh.itjust.works 1 year ago
It can pwn poorly configured dev systems.
Buffalox@lemmy.world 1 year ago
It does include this:
But that’s a completely ridiculous lack of detail of any actual vulnerability. Smells like bullshit.
Salamendacious@lemmy.world 1 year ago
I want intentionally trying to imply that it came from the article. That’s why I posted the naked link. I wasn’t really thinking about the Linux component when I posted the article.