A new computer threat targets Windows users by exploiting known vulnerabilities in a legitimate driver. The malware spreads through pirated versions of popular software and has compromised the security of thousands of computers around the world. Its infection method lets it bypass antivirus protections with little difficulty.
Malware attacks are increasing and becoming more and more sophisticated. A recent campaign, named CRON#TRAP by cybersecurity experts, used a simple phishing email to infect Windows PCs by installing a Linux virtual machine. This allowed hackers to bypass antivirus software and take complete control of the computers. Today, another similar malware campaign worries specialists because of its ability to exploit vulnerabilities in an old driver and install dangerous software.
The new campaign, nicknamed SteelFox, targets Windows users through pirated software. Cybercriminals distribute counterfeit “cracks” for programs such as Foxit PDF Editor, JetBrains products or AutoCAD in order to convince users to install a vulnerable driver. That driver then lets the attackers launch a series of malware that compromises the infected device.
SteelFox installs cryptominer and spyware on vulnerable Windows PCs
The key to this attack is the installation of a driver named WinRing0.sys, which carries old, known vulnerabilities (CVE-2020-14979 and CVE-2021-41285). Once the driver is in place, SteelFox installs XMRig, a cryptominer that exploits the computing power of the PC to generate cryptocurrencies such as Monero, rendering the device practically unusable. The miner consumes so many resources and so much electricity that the user can no longer use the computer normally.
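A defender checking a Windows host for the driver abused here can audit the Service Control Manager for a WinRing0 driver service, look for loose copies of the file, and confirm whether HVCI is running (HVCI enforces Microsoft's vulnerable driver blocklist, the platform-level mitigation for this class of attack). The following PowerShell script is an added example written for this article; it is not from Bleeping Computer or from the SteelFox report. The driver name is the only indicator taken from the text; the search directories are standard Windows locations chosen as assumptions, and no file hashes are known from the article, so the script only computes the hash of whatever it finds for comparison with your own threat intelligence.

```powershell
# Added example (not from the article): audit a Windows host for the WinRing0
# driver that SteelFox is reported to load, and report whether HVCI (which
# enforces Microsoft's vulnerable driver blocklist) is running.
# Run from an elevated PowerShell prompt.

# Assumption: the driver registers under a name or path containing "WinRing0"
# (e.g. WinRing0.sys or WinRing0x64.sys). Adjust if your telemetry differs.
$DriverPattern = 'WinRing0'

# 1. Kernel driver services known to the Service Control Manager (loaded or not).
$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.Name -like "*$DriverPattern*" -or $_.PathName -like "*$DriverPattern*" }

if ($drivers) {
    foreach ($d in $drivers) {
        [PSCustomObject]@{
            Name      = $d.Name
            State     = $d.State        # 'Running' means the driver is currently loaded
            StartMode = $d.StartMode
            Path      = $d.PathName
        } | Format-List

        # Hash the on-disk file so it can be compared against your own
        # threat intelligence; the article publishes no hashes.
        if ($d.PathName -and (Test-Path -Path $d.PathName)) {
            Get-FileHash -Algorithm SHA256 -Path $d.PathName | Format-List Path, Hash
        }
    }
} else {
    Write-Output "No driver service matching '$DriverPattern' is registered."
}

# 2. Loose copies of the driver file outside the normal driver directory.
#    Assumption: a cracked installer unpacks into user-writable locations,
#    so those are searched alongside System32\drivers.
$searchRoots = @(
    "$env:SystemRoot\System32\drivers",
    "$env:ProgramData",
    "$env:TEMP",
    "$env:USERPROFILE"
)
Get-ChildItem -Path $searchRoots -Recurse -Filter "$DriverPattern*.sys" -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, LastWriteTime

# 3. Is HVCI running? When it is, Windows applies the Microsoft vulnerable
#    driver blocklist, which blocks known-bad drivers from loading at all.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
$hvciRunning = $dg.SecurityServicesRunning -contains 2   # 2 = Hypervisor-enforced Code Integrity
Write-Output ("HVCI running: {0}" -f $hvciRunning)
```

A driver service in the Running state, or a .sys file sitting in a user profile or temp directory, is worth escalating; "HVCI running: False" means the host relies on antivirus alone to stop a vulnerable driver from loading, which is exactly the gap this campaign exploits.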
In addition to the cryptominer, SteelFox installs spyware capable of collecting sensitive information. This program can extract browsing history, cookies and payment information from multiple browsers, which puts users’ private data at risk. To protect against this type of threat, it is recommended to avoid downloading unofficial versions of software and to keep drivers and systems up to date to reduce potential vulnerabilities. Using an up-to-date antivirus and avoiding clicking on suspicious links or files also helps limit the risk of infection.
Source: Bleeping Computer