High-end malware identified by Kaspersky could come from NSA.

On October 25, 2023, the cybersecurity firm Kaspersky published a detailed analysis of StripedFly, a highly sophisticated piece of spyware. First seen in 2016, it poses as a Monero cryptocurrency miner. That mining function is real, and for years it drew researchers' attention away from the malware's other, harmful capabilities.

Indeed, once it has infected a device, StripedFly can take screenshots, retrieve login details and passwords, or use the microphone to record conversations. In a year, the spyware is thought to have infected over a million devices running on Windows or Linux.

Kaspersky highlights the complexity of the software. StripedFly has a built-in communications module that talks directly to its operators over Tor. It can also update itself automatically from legitimate services such as GitLab. The spyware hides its activity within Tor and spreads quietly to other devices connected to the same network.

StripedFly uses an EternalBlue exploit dating from 2016, a year before the NSA-developed hacking tool was leaked. Researchers also identified similarities between the spyware's code and that of other NSA software. While Kaspersky does not formally state that StripedFly is a high-end spyware program developed by the NSA, this appears to be the most convincing hypothesis.
