December 2, 2023

Kaspersky researchers warned about malware dubbed as StripedFly, saying it has affected over a million people across the world in the past six years.

Active since 2017, StripedFly was acting as a cryptocurrency miner, but it turned out to be a complex malware with a multi-functional wormable framework, the Russia-based entity said in a report released here.

The malware payload encompasses multiple modules, enabling the actor to perform as an APT as a crypto miner and even as a ransomware group, potentially expanding its motives from financial gain to espionage.


The actor behind this operation has acquired extensive capabilities to clandestinely spy on victims.

The malware harvests credentials every two hours, pilfering sensitive data such as site and Wi-Fi login credentials, along with personal data such as name, address, phone number, company and job title.

The malware can capture screenshots on the victim’s device without detection, gain significant control over the machine, and even record microphone input.

To avoid falling victim to a targeted attack by a known or unknown threat attacker, update your operating system, applications, and antivirus software regularly to patch any known vulnerabilities.


The experts also suggest verifying the sender’s identity before sharing any personal details or clicking on suspicious links and remaining cautious of emails, messages, or calls asking for sensitive information.

Indicators of compromise

  • gpiekd65jgshwp2p53igifv43aug2adacdebmuuri34hduvijr5pfjad[.]onion ghtyqipha6mcwxiz[.]onion
  • ajiumbl2p2mjzx3l[.]onion
  • bitbucket[.]org/JulieHeilman/m100-firmware-mirror/downloads/
  • bitbucket[.]org/upgrades/um/downloads/
  • bitbucket[.]org/legit-updates/flash-player/downloads
  • gitlab[.]com/JulieHeilman/m100-firmware-mirror/raw/master/
  • gitlab[.]com/saev3aeg/ugee8zee/raw/master/
  • github[.]com/amf9esiabnb/documents/releases/download/
  • tcp://pool.minexmr[.]com:4444
  • tcp://mine.aeon-pool[.]com:5555
  • tcp://5.255.86[.]125:8080
  • tcp://45.9.148[.]21:80
  • tcp://45.9.148[.]36:80
  • tcp://45.9.148[.]132:8080
  • b28c6d00855be3b60e220c32bfad2535
  • 18f5ccdd9efb9c41aa63efbe0c65d3db
  • 2cdc600185901cf045af027289c4429c
  • 54dd5c70f67df5dc8d750f19ececd797
  • d32fa257cd6fb1b0c6df80f673865581
  • c04868dabd6b9ce132a790fdc02acc14
  • c7e3df6455738fb080d741dcbb620b89
  • d684de2c5cfb38917c5d99c04c21769a
  • a5d3abe7feb56f49fa33dc49fea11f85
  • 35fadceca0bae2cdcfdaac0f188ba7e0
  • 00c9fd9371791e9160a3adaade0b4aa2
  • 41b326df0d21d0a8fad6ed01fec1389f
  • 506599fe3aecdfb1acc846ea52adc09f
  • 6ace7d5115a1c63b674b736ae760423b
  • e2ef6e074bd683b477a2a2e581386f0
  • 04df1280798594965d6fdfeb4c257f6c
  • abe845285510079229d83bb117ab8ed6
  • 090059c1786075591dec7ddc6f9ee3eb
  • 120f62e78b97cd748170b2779d8c0c67
  • d64361802515cf32bd34f98312dfd40d

1 thought on “StripedFly Malware in radar infects millions of devices

Leave a Reply

%d bloggers like this: