
Sophisticated StripedFly Spy Platform Bites 1M Victims


Malware long assumed to be a plain cryptominer was in fact a sophisticated espionage platform targeting both Windows and Linux systems; it has already infected more than a million victims.

StripedFly was classified, and widely dismissed, as a largely ineffective crypto-mining malware when it was first discovered in 2017. Since then, however, it has actually been operating as a sophisticated piece of malware that lets attackers establish persistence on networks, gain full visibility into activity on them, and exfiltrate credentials and other data at will, researchers from Kaspersky revealed in a blog post published Oct. 26, 2023.

While StripedFly can indeed mine Monero cryptocurrency, that is merely the tip of the iceberg of its capabilities, something the researchers discovered last year and investigated thoroughly before releasing their findings publicly.

"What we discovered was completely unexpected; the cryptocurrency miner was just one component of a much larger entity," Kaspersky researchers Sergey Belov, Vilen Kamalov, and Sergey Lozhkin wrote in the post.

Overall, the platform bears "a hallmark of APT malware": it includes a built-in Tor network tunnel for communicating with its command-and-control (C2) servers, as well as update and delivery functionality that relies on trusted services such as GitLab, GitHub, and Bitbucket, all using custom encrypted archives, the researchers revealed.

Moreover, StripedFly appears to have already infected more than 1 million systems, based on update counters the researchers found in a Bitbucket repository associated with the malware. The repository was created on June 21, 2018, under an account using the name Julie Heilman.

The researchers called the discovery of StripedFly's reach "astonishing," especially considering that six years have passed since it was first spotted.

Dissecting the Striped Fly

The malware's core is a monolithic binary executable that supports a variety of pluggable modules, so attackers can extend or update its functionality. Each module, which exists to provide a service or an extended capability, is responsible for implementing and managing its own callback function for communicating with the C2 server.

The platform first appears on a network as a PowerShell script, which it uses as its initial entry vector via a Server Message Block (SMB) exploit that appears to be a custom version of EternalBlue. EternalBlue was leaked in April 2017 and continues to threaten unpatched Windows servers that still expose SMBv1.
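Because the entry vector described above depends on SMBv1 being reachable, the first check a defender wants is whether a Windows host still serves SMBv1 at all. The following audit-and-remediate script is an added example for this article, not code from Kaspersky's report or from StripedFly itself; it assumes an elevated session on Windows 8.1/Server 2012 R2 or later, where the SmbShare cmdlets and the DISM optional-feature cmdlets are available. Note that disabling SMBv1 does not substitute for the MS17-010 patch; the script only audits and removes the protocol.

```powershell
# Added example (not from the article or Kaspersky): audit whether this host still
# exposes the SMBv1 server that EternalBlue-style exploits target, and optionally
# disable it. Assumes an elevated PowerShell session on Windows 8.1/2012 R2 or later.

function Test-Smb1Exposure {
    [CmdletBinding()]
    param()

    # Runtime server setting: does the SMB server still negotiate SMB1?
    $server = Get-SmbServerConfiguration

    # Installed-feature state (Enabled/Disabled/DisabledWithPayloadRemoved).
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue

    # Is anything listening on TCP/445 at all? If not, remote SMB exploitation is moot.
    $listeners = @(Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = [bool]$server.EnableSMB1Protocol
        Smb1FeatureState  = if ($feature) { $feature.State.ToString() } else { 'Unknown' }
        Listening445      = $listeners.Count -gt 0
        # Exposed = SMB1 negotiable AND a 445 listener present. Patch status for
        # MS17-010 is deliberately not inferred here; verify it separately.
        Exposed           = ([bool]$server.EnableSMB1Protocol) -and ($listeners.Count -gt 0)
    }
}

function Disable-Smb1Server {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMBv1 server protocol')) {
        # Immediate effect: the server stops negotiating SMB1 with clients.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        # Remove the optional feature so SMB1 cannot be silently re-enabled later.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
}

# Usage: run the audit, then remediate only if exposed (use -WhatIf to preview).
$status = Test-Smb1Exposure
$status | Format-List
if ($status.Exposed) {
    Write-Warning 'SMBv1 is enabled and TCP/445 is listening on this host.'
    Disable-Smb1Server -WhatIf
}
```

Run the audit across a fleet (for example via `Invoke-Command` against a list of hosts) before disabling anything, since legacy devices such as old printers and NAS appliances sometimes still require SMBv1 and will lose access once it is removed.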

StripedFly uses a range of persistence methods, chosen according to whether a PowerShell interpreter is available and which privileges the process holds. "Typically, the malware would be running with administrative privileges when installed via the exploit, and with user-level privileges when delivered via the Cygwin SSH server," the researchers wrote.

As for its modules, the malware carries three that provide supporting services and six that implement its actual functionality. The service modules handle configuration storage, upgrading and uninstalling the malware, and a reverse proxy.

The functional modules are diverse and comprehensive, giving attackers a broad set of capabilities for exploring a victim's network and activity. Beyond the Monero cryptominer mentioned above, the modules are: a miscellaneous command handler; a credential harvester; a repeatable-tasks module that can take screenshots, record microphone input, and run other jobs on a schedule; a reconnaissance module that gathers extensive system information; and SMBv1 and SSH infectors with penetration and worming capabilities. The presence of an SMBv1 worm component is worth noting for defenders: it means SMBv1 should be disabled on internal hosts, not merely blocked at the perimeter.

The researchers also found a related ransomware variant called ThunderCrypt that shares the same underlying codebase and communicates with the same C2 server as StripedFly.

Unresolved Mysteries

The blog post includes numerous indicators of compromise and other relevant data related to StripedFly to help organizations determine whether they are infected.

For now, many questions remain about StripedFly, including the true motive of its creators, a question further muddied by the existence of the related ransomware component.

"While the ThunderCrypt ransomware suggests a commercial motive for its authors, it raises the question of why they didn't opt for a potentially more lucrative path instead," the researchers wrote.

It is also unclear whether StripedFly is still active: at the time of writing, the researchers had observed only eight updates for Windows systems and four for Linux systems in the Bitbucket repository. This may indicate either that "there are few active infections," or that all victims already compromised by StripedFly are still communicating via its C2, they noted.

"Only those who crafted this malware hold the answer," the researchers conceded. "It's hard to accept the notion that such sophisticated and professionally designed malware would serve a trivial purpose, given all the evidence to the contrary."
