Kaspersky experts have uncovered StripedFly, a previously unknown and highly sophisticated malware strain with global reach that has affected over a million victims since at least 2017. Initially classified as a cryptocurrency miner, it turned out to be complex malware built on a multi-functional, wormable framework.
In 2022, Kaspersky’s Global Research and Analysis Team encountered two unexpected detections within the WININIT.EXE process, triggered by code sequences previously observed in the Equation malware. The activity had been ongoing since at least 2017 and had effectively evaded prior analysis because it had been misclassified as a cryptocurrency miner. A comprehensive examination revealed that the miner was merely one component of a much larger entity: a complex, multi-platform, multi-plugin malicious framework.