Windows PCs targeted by new malware hitting a vulnerable driver

BYOVD attack concludes with a cryptominer and an infostealer


Hackers are targeting Windows systems with malware that mines cryptocurrencies and steals sensitive information from the devices, experts have warned.

A new report from Kaspersky claims to have spotted tens of thousands of infected endpoints already, as the cybercriminals have started advertising fake cracks and activators for different commercial software, such as Foxit PDF Editor, JetBrains, or AutoCAD.

The fake cracks come bundled with a vulnerable driver called WinRing0.sys. By installing this driver, the victim reintroduces CVE-2020-14979 and CVE-2021-41285, three- and four-year-old vulnerabilities that grant the attackers the highest possible privileges on the system.
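As an added example (not code from Kaspersky's report or from this article), the defender-side check that follows scans Sysmon Event ID 6 driver-load records for the WinRing0 BYOVD pattern described above. The records are constructed, the user-writable-path heuristic is an assumption, and the WinRing0x64.sys name variant is assumed to share the stem of the WinRing0.sys file the report names.

```python
"""Flag Sysmon Event ID 6 (DriverLoad) records that match the WinRing0 BYOVD
pattern: a known-vulnerable driver dropped and loaded from a user-writable path.
The sample records below are constructed, not taken from the report."""
import re
from pathlib import PureWindowsPath

# Driver named in the article. Matching on the stem also catches the 64-bit
# build name WinRing0x64.sys (assumption: same stem with an x64 suffix).
VULN_DRIVER_STEM = re.compile(r"^winring0", re.IGNORECASE)

# Locations a properly installed driver is not expected to load from.
# Heuristic chosen for this example, not a rule from the report.
USER_WRITABLE_SEGMENTS = ("\\users\\", "\\temp\\", "\\programdata\\")

SAMPLE_EVENTS = [  # constructed Sysmon EID 6 fields
    {"UtcTime": "2024-11-01 10:02:11",
     "ImageLoaded": r"C:\Windows\System32\drivers\tcpip.sys",
     "Signed": "true", "Signature": "Microsoft Windows"},
    {"UtcTime": "2024-11-01 10:05:43",
     "ImageLoaded": r"C:\Users\bob\AppData\Local\Temp\WinRing0x64.sys",
     "Signed": "true", "Signature": "example-vendor (constructed)"},
    {"UtcTime": "2024-11-01 10:06:02",
     "ImageLoaded": r"C:\ProgramData\CrackHelper\helper.sys",
     "Signed": "false", "Signature": "-"},
]


def flag_driver_loads(events):
    """Return a list of (UtcTime, ImageLoaded, [reasons]) for suspicious loads.

    A BYOVD driver is usually validly signed, which is exactly why the
    attacker chose it; a signature check alone will not catch it, so the
    name match and the load path are the checks that matter here.
    """
    alerts = []
    for ev in events:
        path = ev["ImageLoaded"]
        name = PureWindowsPath(path).name
        reasons = []
        if VULN_DRIVER_STEM.match(name):
            reasons.append("known-vulnerable driver WinRing0 "
                           "(CVE-2020-14979, CVE-2021-41285)")
        if any(seg in path.lower() for seg in USER_WRITABLE_SEGMENTS):
            reasons.append("driver loaded from user-writable path")
        if ev.get("Signed", "").lower() != "true":
            reasons.append("unsigned driver")
        if reasons:
            alerts.append((ev["UtcTime"], path, reasons))
    return alerts
```

Feed it real Sysmon EID 6 records (exported to dicts with the same field names) to run the check over a host's driver-load history.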


Through these vulnerabilities, the crooks are able to drop XMRig, one of the most popular cryptojackers out there. XMRig uses the victim’s computing power, electricity, and internet connection to mine Monero and other cryptocurrencies, but renders the device practically useless for the owner. Crypto-mining aside, the hackers also drop an infostealer that can pull data from 13 web browsers, system information, data about the network the device is connected to, as well as RDP connections.

The browser data the infostealer grabs includes browsing history, session cookies, and credit card information. Although not specifically mentioned, it’s safe to assume the malware also steals information related to cryptocurrency wallet browser addons.

Kaspersky named the campaign “SteelFox” and claims to have observed and blocked SteelFox attacks 11,000 times so far - so we can speculate the number of attacks is a lot, lot higher.

The victims seem to be scattered all over the world, meaning that SteelFox operators are casting a wide net, with the majority of compromised endpoints found in Brazil, China, Russia, Mexico, UAE, Egypt, Algeria, Vietnam, India, and Sri Lanka.


Malicious cryptocurrency miners have been around for as long as blockchain itself, but with Bitcoin surging in price after the recent US presidential elections, we can probably expect to see more infections in the months to come.

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
