SteelFox exploits Foxit PDF Editor and AutoCAD for banking data theft and covert crypto mining

Kaspersky

Kaspersky’s Global Research and Analysis Team has uncovered a new and ongoing malicious campaign that exploits popular software, such as Foxit PDF Editor, AutoCAD and JetBrains. The attackers employ stealer malware to capture victims’ credit card information and details about their infected devices, while also operating as a cryptominer and secretly utilizing the power of infected computers to mine cryptocurrency. In just three months, Kaspersky’s technologies have thwarted over 11,000 attack attempts, with the majority of affected users located in Brazil, China, Russia, Mexico, the UAE, Egypt, Algeria, Vietnam, India, and Sri Lanka.
 



 
 In August 2024, Kaspersky’s Global Research and Analysis Team (GReAT) uncovered a series of attacks involving a previously unknown bundle of miner and stealer malware, which they dubbed SteelFox.

The initial attack vector involves posts on forums and torrent trackers, where the SteelFox dropper is advertised as a way to activate legitimate software products for free. These droppers masquerade as cracks for popular programs such as Foxit PDF Editor, JetBrains, and AutoCAD. While they offer the promised functionality, they also deliver sophisticated malware directly onto users’ computers.

The campaign consists of two main components: the stealer module, and a cryptominer. SteelFox gathers extensive information from victims’ computers, including browser data, account credentials, credit card information, and details about installed software and antivirus solutions. It can also capture Wi-Fi passwords, system information, and timezone data. Additionally, the attackers utilize a modified version of XMRig, an open-source miner, to leverage the power of infected devices for cryptocurrency mining, likely targeting Monero.

GReAT research shows that the campaign has been active since at least February 2023 and continues to pose a threat today. Throughout its operation, while the cybercriminals behind the SteelFox campaign did not significantly change its functionality, they worked to modify its techniques and code to evade detection. “The attackers have gradually diversified their infection vectors, initially targeting Foxit Reader users. Once they confirmed that the malicious campaign was effective, they expanded their reach to include cracks for JetBrains products. Three months later, they began exploiting AutoCAD’s name as well. The campaign remains active, and we anticipate that they may start distributing their malware under the guise of other more popular products,” comments Dmitry Galov, Head of Research Center for Russia and CIS at Kaspersky’s GReAT.

SteelFox operates on a large scale, affecting anyone who encounters the compromised software. From August to the end of October, Kaspersky security solutions detected over 11,000 attacks, with the majority of affected users located in Brazil, China, Russia, Mexico, the UAE, Egypt, Algeria, Vietnam, India, and Sri Lanka.

To minimize risks of falling victims to such malicious campaigns, Kaspersky experts also recommend:
– Download applications only from official sources.
– Regularly update your operating system and installed applications.
– Install a reliable security solution from a developer whose products are validated by independent testing laboratories, such as Kaspersky Premium.

Kaspersky’s products detect this threat as HEUR:Trojan.Win64.SteelFox.gen, Trojan.Win64.SteelFox.*.

Details of the malicious campaign are available on Securelist.com.

 
 



 

Leave a Reply

Your email address will not be published. Required fields are marked *

11 + 18 =


About us

Lanka Business News is amongst the leading online Business News portals in Sri Lanka, unique for its focus on contemporary business news relevant across multiple industries operating in the country. We present not only the news, but a perspective based on observations and possible implications of a prevailing news item. LBN also provides an insight to the impact of a global economic or industrial development, thus helping stakeholders make informed and calculated decisions.




ADVERTISE

LBN AD


Follow Us



Newsletter