StripedFly: This malware was not the simple cryptocurrency miner it claimed to be


Better late than never. Researchers at the Russian security vendor Kaspersky have just announced the discovery of a highly sophisticated piece of malware, StripedFly, believed to have claimed more than a million victims over five years. The program had initially been classified as a simple cryptocurrency miner, like so many others.


In fact, the Kaspersky experts explain, it was malware with far broader capabilities, built from several malicious modules ranging from Monero mining to discreet surveillance of victims. StripedFly could steal sensitive data such as login credentials, take screenshots on the victim's device without being detected, and even record audio through the microphone.

Elegant code

It could also communicate with its operators over a built-in Tor connection, and it could update itself through trusted services such as GitLab. Altogether, the Kaspersky experts sum up, a "truly remarkable" effort. This approach is uncommon among cybercriminals, they add, emphasizing the elegance of the programming and the complexity of the design.


A decidedly intriguing piece of software: the malware uses a custom EternalBlue exploit to break into its victims' systems. However, as the Russian vendor notes, the earliest known version of StripedFly featuring this exploit dates from April 2016. That is a year before EternalBlue, the offensive hacking tool attributed to the NSA, the all-powerful American signals intelligence agency, was leaked by the mysterious Shadow Brokers.

The hand of the NSA

While Kaspersky makes no formal attribution, the vendor strongly hints that StripedFly may well be yet another secret NSA tool, pointing to similarities, such as coding style, with other tools of the Equation group, the NSA's toolbox. The icing on the cake: the malicious program really did generate revenue by mining Monero.



But above all, the mining was a feature intended as a decoy, to throw investigators off the scent. The Kaspersky experts note in this regard that the price of the Monero token has fallen considerably since its peak in January 2018. The true purpose of the malware remains a mystery, Kaspersky concludes, while warning that the malicious program has certainly succeeded in one mission: staying below the radar for a very long time.
