In a report on its Securelist site, Kaspersky describes a new threat that targets Windows PCs and can steal sensitive information from victims, including payment data. Called SteelFox, this set of malware was identified in August, although the campaign began in 2023. To spread the malware, its author reportedly distributes links on forums and torrent sites that offer free downloads of utility software such as Foxit PDF Editor or AutoCAD.
But when the distributed software is installed, the hackers take the opportunity to insert malicious code that allows them to mine cryptocurrencies on the victim’s device and also to steal sensitive information. SteelFox reportedly targets users of popular browsers on Windows, including Chrome, Opera, Firefox or Brave. It is reportedly able to extract cookies, credit card data, browsing history and, for Mozilla Firefox users, places visited.
Be careful what you download
“This campaign is not aimed at specific individuals or organizations. Rather, it operates on a large scale, infecting anyone who comes across the compromised software. At the time of this study, our security solutions had detected this threat more than 11,000 times. Users of various popular applications, such as AutoCAD, JetBrains and Foxit, are targeted,” says Kaspersky.
To avoid falling into this trap, Kaspersky recommends downloading applications only from official developer sites and using antivirus software. The company also says this large-scale attack cannot be attributed, because the accounts distributing the download links are either compromised accounts or “inexperienced” users who do not realize they are distributing malware.
- Kaspersky has identified a new threat called SteelFox that targets Windows users
- This malware is spread via download links for well-known software
- Once installed, the file infects the victim’s machine to mine cryptocurrencies and steal sensitive data, such as payment data
- According to Kaspersky, the attack does not target specific groups of people, but operates on a large scale