New SteelFox malware hijacks Windows PCs using vulnerable driver
A new malicious package called 'SteelFox' mines for cryptocurrency and steals credit card data by using the “bring your own vulnerable driver” technique to get SYSTEM privileges on Windows machines.
The malware bundle dropper is distributed through forums and torrent trackers as a crack tool that activates legitimate versions of various software like Foxit PDF Editor, JetBrains and AutoCAD.
Using a vulnerable driver for privilege escalation is common for state-sponsored threat actors and ransomware groups. However, the technique now appears to extend to info-stealing malware attacks.
Kaspersky researchers discovered the SteelFox campaign in August but say that the malware has been around since February 2023 and increased distribution lately using multiple channels (e.g. torrents, blogs, and posts on forums).
Kaspersky reports that malicious posts promoting the SteelFox malware dropper come with complete instructions on how to illegally activate the software. Below is a sample of such a post providing directions on how to activate JetBrains:
