400/67 Tuesday, November 12, 2024
Researchers from Securelist have discovered a new malware called SteelFox that is spreading through fake software activation tools, primarily targeting Microsoft Windows users who download pirated software like Foxit PDF Editor, AutoCAD, and JetBrains. The malware attack began in February 2023, and over 11,000 victims have been identified worldwide so far.
SteelFox combines data-stealing and cryptocurrency-mining features. Attackers can extract sensitive information, such as credit card data, browsing history, and login credentials. Additionally, the malware can collect system information, including installed software, running services, and network configurations.
SteelFox spreads by embedding itself within fake software activation programs, often advertised on online forums and torrent platforms. Once installed, it creates a persistent service that remains on the system even after a restart. The malware uses vulnerable drivers to escalate its privileges and communicates with the attackers' server using TLS 1.3 encryption and SSL pinning to secure that communication.
SteelFox has impacted users in more than 10 countries, including the United Arab Emirates, India, Brazil, China, Russia, Egypt, Algeria, Mexico, Vietnam, and Sri Lanka. Researchers believe that SteelFox does not target any particular individual or organization but aims to distribute itself as widely as possible.
James McQuiggan, a researcher at KnowBe4, advises users to be cautious about the sources from which they download software. Organizations should enforce access controls and conduct cybersecurity training. Additionally, he emphasizes the importance of installing antivirus software and regularly updating security patches to prevent potential vulnerabilities. Protecting against SteelFox involves downloading software only from trusted sources and being vigilant about clicking links or downloading files from unknown origins.
Source: https://hackread.com/steelfox-malware-software-to-steal-browser-data/