Kaspersky Reveals SteelFox Campaign: Popular Software Exploitation

Illustration of the AutoCAD application (photo: AutoCAD)

JAKARTA - Kaspersky's Global Research and Analysis Team has uncovered new and sustainable malicious campaigns exploiting popular software, such as Foxit PDF Editor, AutoCAD, and JetBrains.

Analyzed since August 2024, the campaign called SteelFox consists of two main components, namely the Stealer module and crypto miners.

First, SteelFox collects extensive information from victims' computers, including browser data, account credentials, credit card information, and details about installed software as well as antiviral solutions.

In fact, they can also capture Wi-Fi passwords, system information, and time zone data from infected computers.

In addition, the attackers also used a modified version of XMRig, an open source miner, to leverage the power of infected devices for crypto mining, which is likely to target Monero.

GREAT's research shows that the campaign has been active since at least February 2023 and continues to pose a threat to date.

During its operation, although threat actors behind the SteelFox campaign did not change its function significantly, they are trying to modify the technique and code to avoid detection.

In just three months, Kaspersky's technology has thwarted more than 11,000 attacks, with the majority of affected users in Brazil, China, Russia, Mexico, the UAE, Egypt, Algeria, Vietnam, India, and Sri Lanka.

To minimize the risk of becoming a victim of this dangerous campaign, Kaspersky experts also suggested: