Kaspersky experts have recently discovered a highly sophisticated cross-platform malware known as StripedFly. This malware has been infecting over a million Windows and Linux systems globally since 2016. Initially mistaken for a cryptominer [4], StripedFly is actually an advanced persistent threat (APT) platform.


StripedFly is structured as a monolithic binary executable with pluggable modules that provide various services and functionality [3]. It features a custom TOR network client for secure communication and can spread through SSH and EternalBlue [4], an exploit originally developed by the NSA to target unpatched Windows systems [1] [2]. The malware adjusts its behavior based on the privileges it runs with and uses PowerShell for persistence on Windows systems [4]. It allows attackers to gain persistence on networks [3] [5], obtain comprehensive visibility into activity [3], and exfiltrate credentials and other data [3]. Researchers have also discovered a related ransomware variant called ThunderCrypt [3] [5]. The origins of StripedFly are unknown [1] [2], but it has been detected as early as April 2016 [1] [2]. Microsoft released a patch for EternalBlue in 2017 [1] [2], which also protects against StripedFly [1]. However, many devices have still been breached because they run outdated, unpatched Windows systems [1]. Despite these findings, the true motives of the perpetrators and the current activity of StripedFly remain unclear [3].


The discovery of StripedFly highlights the significant impact of advanced persistent threats on both Windows and Linux systems. While Microsoft has released a patch that protects against StripedFly, many devices remain vulnerable because they run outdated operating systems [2]. It is crucial for organizations to ensure their systems are up to date and protected against such threats. The true motives of the perpetrators behind StripedFly and its current activity remain unknown, raising concerns about what may follow and underscoring the need for continued vigilance in cybersecurity.


[1] https://cryptonews.net/news/security/27747557/
[2] https://www.blocpress.com/2023/10/27/stripedfly-malware-targets-more-than-a-million-pcs-disguising-as-a-crypto-miner/
[3] https://www.threatshub.org/blog/complex-spy-platform-stripedfly-bites-1m-victims/
[4] https://cyber.vumetric.com/security-news/2023/10/26/stripedfly-malware-framework-infects-1-million-windows-linux-hosts/
[5] https://www.darkreading.com/threat-intelligence/complex-spy-platform-stripedfly-bites-1m-victims-disguised-as-a-cryptominer