
Security experts warn of new hacker strategy targeting Windows drivers

As if there weren’t enough threats to your Windows computer already, here is another one to be careful with. Kaspersky reports that tens of thousands of PCs have been infected as cybercriminals advertise fake activators and cracks for specific software such as AutoCAD, JetBrains, and Foxit PDF Editor to lure in unsuspecting users.

The malicious package named SteelFox has been quietly spreading since February 2023, but its distribution has exploded recently. The malware is dispersed using torrent trackers and forums, where it is advertised as a tool to activate authentic versions of the previously mentioned software.


The experts at Kaspersky warn that the malware mines cryptocurrency and steals sensitive financial and non-financial information from your devices. When you install the fake crack, a vulnerable driver called WinRing0.sys is added that reintroduces CVE-2021-41285 and CVE-2020-14979, four- and three-year-old vulnerabilities that give hackers full access to your PC.

When hackers access these vulnerabilities, they insert XMRig, a program that steals computer resources to mine cryptocurrency, an attack known as cryptojacking. XMRig uses your electricity, PC power, and the internet to mine Monero and other cryptocurrencies, making your PC useless. An info stealer is also inserted to retrieve data from 13 web browsers, including browsing history, credit card info, session cookies, network data, and system information. A Remote Desktop Protocol (RDP) connection is also established.
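The chain described above (a vulnerable WinRing0 driver, an XMRig miner, and an RDP connection) leaves traces a defender can inventory. The following PowerShell script is an added example for this article, not code from Kaspersky or from the report: it lists kernel drivers whose name or on-disk path matches the driver name fragment, running processes whose name matches the miner, and whether Remote Desktop is enabled. The name fragments `WinRing0` and `xmrig` are assumptions used as search patterns, and the checks are leads for investigation rather than proof of infection, since legitimate hardware-monitoring tools also ship a WinRing0 driver.

```powershell
# Added defensive inventory (not from the article or the Kaspersky report).
# Run in an elevated PowerShell session; a match is a lead to investigate, not a verdict.

function Find-SteelFoxTraces {
    param(
        [string[]]$DriverPatterns  = @('WinRing0'),  # assumed name fragment of the vulnerable driver
        [string[]]$ProcessPatterns = @('xmrig')      # assumed name fragment of the miner
    )

    $findings = @()

    # Win32_SystemDriver enumerates every kernel-mode driver the service control
    # manager knows about, including ones that are installed but currently stopped.
    foreach ($drv in Get-CimInstance -ClassName Win32_SystemDriver) {
        foreach ($pat in $DriverPatterns) {
            if ($drv.Name -like "*$pat*" -or $drv.DisplayName -like "*$pat*" -or $drv.PathName -like "*$pat*") {
                $findings += [pscustomobject]@{
                    Kind   = 'Driver'
                    Name   = $drv.Name
                    Detail = $drv.PathName
                    State  = "$($drv.State) / $($drv.StartMode)"
                }
            }
        }
    }

    # Running processes: the miner is the loudest component of the chain.
    foreach ($proc in Get-Process) {
        foreach ($pat in $ProcessPatterns) {
            if ($proc.ProcessName -like "*$pat*") {
                # Path can be inaccessible for protected processes; do not let that abort the scan.
                $path = try { $proc.Path } catch { $null }
                $findings += [pscustomobject]@{
                    Kind   = 'Process'
                    Name   = $proc.ProcessName
                    Detail = $path
                    State  = "PID $($proc.Id)"
                }
            }
        }
    }

    # Remote Desktop state: fDenyTSConnections = 0 means RDP is enabled.
    $ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name 'fDenyTSConnections' -ErrorAction SilentlyContinue
    if ($null -ne $ts -and $ts.fDenyTSConnections -eq 0) {
        $findings += [pscustomobject]@{
            Kind   = 'RDP'
            Name   = 'Remote Desktop'
            Detail = 'fDenyTSConnections = 0'
            State  = 'Enabled'
        }
    }

    return $findings
}

$hits = Find-SteelFoxTraces
if (-not $hits -or $hits.Count -eq 0) {
    Write-Output 'No driver, process or RDP setting matched the patterns.'
} else {
    $hits | Format-Table -AutoSize
}
```

If a WinRing0 driver does turn up, the driver's `PathName` tells you which product installed it; a copy living next to a recently downloaded "crack" is a very different finding from one shipped with a known monitoring utility, and an enabled RDP setting the user did not turn on deserves the same scrutiny.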

The report also mentioned a malicious post that included complete instructions on how to launch the software illegally. Further, Kaspersky says that “the execution chain looks legitimate until the moment the files are unpacked.” The damaging software is inserted in the process and adds the machine code that launches SteelFox.

Kaspersky also says it has blocked 11,000 attacks thus far, but the number can easily be much higher. Affected users are worldwide, including in countries such as Mexico, Brazil, Russia, China, UAE, Algeria, Egypt, Vietnam, Sri Lanka, and India.

You can stay safe by only downloading software from legitimate sources, and having top-tier antivirus software such as Bitdefender is a great idea.

Judy Sanhz
Judy Sanhz is a Digital Trends computing writer covering all computing news. Loves all operating systems and devices.