The digital world is rife with threats to your Windows PC, and a new one has emerged that demands your attention. Dubbed SteelFox, this malicious software package, disguised as software activators and cracks, has been infecting tens of thousands of computers since February 2023, with a recent surge in distribution. Lured by the promise of free access to popular software like AutoCAD, JetBrains, and Foxit PDF Editor, unsuspecting users are falling prey to this insidious Trojan, as reported by Kaspersky.
SteelFox spreads primarily through torrent trackers and online forums, masquerading as legitimate activation tools. However, beneath the surface lies a dangerous combination of cryptojacking malware and an information stealer. Once installed, the fake crack deploys WinRing0.sys, a legitimate but vulnerable driver; by exploiting the driver's known flaws (CVE-2021-41285 and CVE-2020-14979), the malware grants the attackers full access to your system.
This access allows them to install XMRig, a cryptojacking program that hijacks your computer’s resources to mine cryptocurrencies like Monero. This drains your electricity, overloads your PC, and consumes your internet bandwidth, effectively rendering your computer unusable. Simultaneously, an info stealer is deployed, targeting data from 13 web browsers, including browsing history, credit card information, saved session cookies, network data, and system information. The attackers also establish a Remote Desktop Protocol (RDP) connection, providing them with remote control of your compromised machine.
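For defenders, the infection chain above gives a few host-level indicators worth checking. The following triage script is an added example, not code from Kaspersky's report or from the SteelFox samples; it looks for the WinRing0.sys driver and its installation event, whether RDP has been enabled, and which processes are consuming the most CPU (a common sign of a miner such as XMRig). The string matches and output format are assumptions for illustration, not published indicators. Run it from an elevated PowerShell prompt.

```powershell
# Added host triage example (not from the original report). Checks a Windows host
# for the SteelFox indicators described above. Matching on the name 'WinRing0'
# is an assumption for illustration; adapt it to your own threat intel.
$findings = @()

# 1. WinRing0.sys: registered driver services, running or stopped.
$driverSvcs = Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.Name -like '*WinRing0*' -or $_.PathName -like '*WinRing0*' }
foreach ($d in $driverSvcs) {
    $findings += "Driver service '$($d.Name)' ($($d.State)) at $($d.PathName)"
}

# 2. Service Control Manager event 7045 records every new service install,
#    including kernel drivers; a WinRing0 entry shows when the driver was dropped.
$installs = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045 } `
    -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'WinRing0' }
foreach ($e in $installs) {
    $findings += "Service install event at $($e.TimeCreated): $($e.Message -split "`n" | Select-Object -First 1)"
}

# 3. RDP: fDenyTSConnections = 0 means Remote Desktop connections are allowed.
#    Unexpected on a workstation that never had RDP turned on.
$ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
    -Name fDenyTSConnections -ErrorAction SilentlyContinue
if ($ts -and $ts.fDenyTSConnections -eq 0) {
    $findings += 'Remote Desktop is enabled (fDenyTSConnections = 0)'
}

# 4. Cryptojacking: list the top CPU consumers so a miner stands out.
#    CPU is cumulative processor seconds since the process started.
$topCpu = Get-Process | Sort-Object CPU -Descending | Select-Object -First 5 Name, Id, CPU, Path
foreach ($p in $topCpu) {
    $findings += "High CPU: $($p.Name) (PID $($p.Id), $([int]$p.CPU)s) $($p.Path)"
}

if ($findings.Count -eq 0) {
    Write-Output 'No SteelFox-related indicators found.'
} else {
    Write-Output 'Review the following:'
    $findings | ForEach-Object { Write-Output "  - $_" }
}
```

A hit on items 1 or 2 is strong evidence of a bring-your-own-vulnerable-driver infection and warrants isolating the host; items 3 and 4 are context that needs comparing against what is normal for that machine.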
Kaspersky’s analysis reveals that malicious posts circulating online provide detailed instructions on how to illegally activate software using these infected cracks. The deceptive nature of the attack makes it difficult to detect, as “the execution chain looks legitimate until the moment the files are unpacked,” according to Kaspersky. It’s during this unpacking process that the malicious code is injected, launching the SteelFox Trojan.
While Kaspersky has already blocked over 11,000 attacks, the actual number of infected computers is likely much higher. The attacks have a global reach, impacting users in countries such as Mexico, Brazil, Russia, China, UAE, Algeria, Egypt, Vietnam, Sri Lanka, and India.
To protect yourself from this threat, it is crucial to download software exclusively from official and trusted sources. Investing in robust antivirus software, like Bitdefender, is also highly recommended as an additional layer of security. Staying vigilant and informed about emerging cyber threats is paramount in safeguarding your digital assets.