Watch out for StripedFly malware

Emre Çitak
Oct 27, 2023

Cybersecurity researchers have discovered a sophisticated cross-platform malware platform named StripedFly malware that has infected over 1 million Windows and Linux systems since 2017. The malware, which was wrongly classified as just a Monero cryptocurrency miner, is designed to evade detection and steal sensitive data from victims.

StripedFly malware is unique in that it can target both Windows and Linux systems, making it a more dangerous threat than traditional malware. The malware is also highly modular, meaning that it can be customized to carry out a variety of malicious tasks, including:

Stealing sensitive data, such as passwords, credit card numbers, and other personal information

  • Disabling security software
  • Launching denial-of-service attacks
  • Mining cryptocurrency
  • Installing other malware

StripedFly is believed to be the work of a highly skilled and experienced threat actor. The malware is well-crafted and uses a variety of sophisticated techniques to evade detection.

StripedFly malware
StripedFly malware does not affect macOS

How StripedFly malware infects systems

StripedFly is typically spread through phishing emails or malicious websites. When a victim clicks on a malicious link or opens an infected attachment, StripedFly malware is downloaded to their system.

Once installed, StripedFly malware uses a variety of techniques to hide its presence and evade detection. For example, the malware can disable security software, modify system settings, and encrypt its files.

StripedFly malware can also communicate with its command-and-control server to receive instructions and download updates. This makes it very difficult for security researchers to track and disrupt the malware.

Malware modules

StripedFly malware operates as a monolithic binary executable with pluggable modules, giving it an operational versatility often associated with APT operations.

StripedFly's modules from Kaspersky's report are as follows:

  • Configuration storage: Stores encrypted malware configuration
  • Upgrade/Uninstall: Manages updates or removal based on C2 server commands
  • Reverse proxy: Allows remote actions on the victim's network
  • Miscellaneous command handler: Executes varied commands like screenshot capture and shellcode execution
  • Credential harvester: Scans and collects sensitive user data like passwords and usernames
  • Repeatable tasks: Carries out specific tasks under certain conditions, such as microphone recording
  • Recon module: Sends detailed system information to the C2 server
  • SSH infector: Uses harvested SSH credentials to penetrate other systems
  • SMBv1 infector: Worms into other Windows systems using a custom EternalBlue exploit
  • Monero mining module: Mines Monero while camouflaged as a "chrome.exe" process

Read alsoAI responses may link to malware.

What to do to protect yourself from StripedFly?

To safeguard yourself from the StripedFly malware, there are several proactive measures you can take. First and foremost, exercise caution when dealing with emails and their attachments. Avoid opening suspicious emails and refrain from downloading unfamiliar attachments.

Moreover, it's essential to maintain the security of your digital fortress. Ensure that your security software is consistently updated to fortify your defenses against potential breaches.

Another vital aspect of protection involves password management. Utilize a robust password manager to generate and securely store unique passwords for all your online accounts. Complement this with the implementation of two-factor authentication across your online platforms to add an extra layer of security.

Additionally, don't overlook the significance of regular data backups. Safeguard your essential data by creating backups to mitigate potential data loss in case of an attack.

StripedFly malware
There are several steps you must take if you suspect you have been affected by StripedFly malware - Image courtesy of DCstudio/Freepik

If you suspect that your system has fallen victim to StripedFly malware, swift action is imperative to mitigate the damage.

Follow these steps to address the issue:

  1. Isolate your system: Disconnect your system from the internet to prevent the malware from spreading further. This step is crucial in containing the infection
  2. Change passwords: As a precaution, change the passwords for all your online accounts to thwart unauthorized access
  3. Enhance account security: Reiterate the importance of two-factor authentication by enabling it for all your online accounts. This provides an additional barrier against malicious access
  4. Data backup: Back up your critical data to prevent potential loss during the remediation process
  5. Scan for malware: Employ a reputable antivirus and anti-malware program to scan your system for the presence of StripedFly malware or any other malicious software
  6. Manual removal (if necessary): In the event that the malware persists, consider manually removing it by deleting its files and reverting any system settings that it may have altered

Note: This step should be approached with caution, and it may be beneficial to seek professional assistance.

By adhering to these protective and responsive measures, you can fortify your defenses against StripedFly and efficiently address any potential breaches.


Previous Post: «
Next Post: «


  1. Rex said on October 30, 2023 at 7:26 am

    Let me know when there’s malware that doesn’t depend on PEBKAC to spread. The ‘open untrustworthy attachment’ and ‘visit shady website’ mode of distribution has been around since the previous century and people still don’t learn.

    1. Nick Hopkins said on October 30, 2023 at 9:19 am

      Pretty sure I have this on my phone. Came already installed on a replacement that was refurbished through verizon. It will get to your router and install on everything c9nnected to your network. Smart tvs, xboxs, amazon echos, computers, it really doesn’t discriminate. I don’t get what they get out of it though besides the cryptomining thing. Imo, I think this is probably a cyber weapon that is building its roster of victims. I’ve found this thing on numerous of my friends and families computers. No one even knows they have it. None of my accounts have been hacked. No ss number breaches. No credit card breaches. Honestly, when I first saw it, I thought my wife had put spying software on my phone. I’m sure people were starting to think I was going crazy. You wouldn’t believe how many people told me that what I was describing wasn’t a real possibility. This thing literally rewrote a program that I loaded from a disk in real time. Can’t wait until they figure out how to get rid of it because scans don’t work, factory resets don’t work, and if it thinks you’re getting too close to it, it just kicks you out of whatever you were doing. I’ll do a clean reboot on my computer but I’m not sure about everything else. This thing is very resilient. It doesn’t want to be kicked out. Whoever, or better yet, whichever government made this thing has created a monster. Before last week, I didn’t think something like this existed. But it does and if it gets you, be ready for one of the biggest headaches of your life.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.