SteelFox Exploits Foxit PDF Editor, AutoCAD for Banking Data Theft and Covert Crypto Mining – Report

SteelFox has reportedly exploited Foxit PDF Editor and AutoCAD for banking data theft and covert crypto mining.

Kaspersky’s Global Research and Analysis Team has uncovered a new and ongoing malicious campaign that “exploits popular software, such as Foxit PDF Editor, AutoCAD and JetBrains.”

The attackers employ stealer malware to capture victims’ credit card information and details about their “infected devices, while also operating as a cryptominer and secretly utilizing the power of infected computers to mine cryptocurrency.”

In just three months, Kaspersky’s technologies have thwarted over 11,000 attack attempts.

In August of this year, Kaspersky’s Global Research and Analysis Team (GReAT) uncovered a series of attacks involving a previously “unknown bundle of miner and stealer malware,” which they dubbed SteelFox.

The initial attack vector involves posts on forums and torrent trackers, where the SteelFox dropper is “advertised as a way to activate legitimate software products for free.”

These droppers masquerade as cracks for “popular programs” such as Foxit PDF Editor, JetBrains, and AutoCAD.

Although they offer the promised functionality, they also deliver “sophisticated” malware directly onto users’ computers.

The campaign consists of two components: a stealer module and a cryptominer.

SteelFox reportedly gathers information from victims’ computers, including the following: browser data, account credentials, credit card information, and details about installed software and antivirus solutions.

It can also reportedly capture Wi-Fi passwords, system information, and timezone data.

In addition to this, the attackers are said to utilize a modified version of XMRig, an open-source miner, to leverage the “power of infected devices for cryptocurrency mining, likely targeting Monero.”

GReAT research shows that the campaign has been active since “at least February 2023 and continues to pose a threat today.”

Throughout its operation, the cybercriminals behind the SteelFox campaign did not “significantly” change its functionality, but they “worked to modify its techniques and code to evade detection.”

Dmitry Galov, Head of Research Center for Russia and CIS at Kaspersky’s GReAT, said that the attackers have gradually diversified their infection vectors, “initially targeting Foxit Reader users.”

Galov added that once they confirmed that the malicious campaign was effective, they expanded their reach to “include cracks for JetBrains products.”

Galov also noted that three months later, they began “exploiting AutoCAD’s name as well.”

Galov confirmed that the campaign remains active, and they “anticipate that they may start distributing their malware under the guise of other more popular products.”

SteelFox operates on a large scale, affecting anyone who “encounters the compromised software.”

From August to the end of October, Kaspersky security solutions detected over 11,000 attacks, with affected users located in Brazil, China, Russia, Mexico, the UAE, and other regions.

To “minimize” the risk of falling victim to such “malicious campaigns,” Kaspersky experts recommend:

  • Download applications only from official sources.
  • Regularly update your operating system and installed applications.
  • Install a reliable security solution from a developer whose products are validated by independent testing laboratories, such as Kaspersky Premium.

Established in 2008, the Global Research & Analysis Team (GReAT) operates at the very heart of Kaspersky, uncovering “APTs, cyber-espionage campaigns, major malware, ransomware, and underground cyber-criminal trends across the world.”

Today GReAT consists of 40+ professionals working globally – in Europe, Russia, Latin America, Asia, and the Middle East.

Talented security professionals provide company leadership in anti-malware research and innovation, bringing “expertise, passion and curiosity to the discovery and analysis of cyberthreats.”

Kaspersky is a cybersecurity and digital privacy company founded in 1997.

With over a “billion devices” protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is transforming into solutions and services to “protect businesses, critical infrastructure, governments and consumers around the globe.”

The company’s security portfolio includes endpoint protection, specialized security products and services, as well as Cyber Immune solutions “to fight sophisticated and evolving digital threats.”

They claim to help corporate clients protect what “matters most to them.”