Christopher Lynskey

New SteelFox Malware Has Infected Thousands of Windows Systems




**Windows PCs Targeted by New Malware Exploiting Vulnerable Drivers**


A new malware campaign, dubbed "SteelFox", is infecting Windows PCs worldwide using a *Bring Your Own Vulnerable Driver* (BYOVD) attack: the malware ships a legitimately signed but exploitable kernel driver and abuses it for privileged access. The campaign deploys both a cryptominer and an infostealer that targets sensitive data.


Security researchers report that SteelFox spreads through fake software cracks and activators for popular products such as Foxit PDF Editor, JetBrains tools, and AutoCAD. When a user runs one of these, the installer drops the vulnerable driver WinRing0.sys onto the system. Because the driver carries a valid signature, Windows loads it, but it contains known vulnerabilities (CVE-2020-14979 and CVE-2021-41285) that the malware exploits to gain kernel-level access and elevated privileges.
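The practical question for a defender is whether WinRing0.sys is present on a host and whether the host would have blocked a known-vulnerable driver in the first place. The following PowerShell script is an added example written for this article; it is not code from the article or from the researchers who documented SteelFox. It assumes an elevated session, matches the driver by the file name given above (a renamed copy would need a hash hunt), and treats Sysmon as optional. The registry value and WMI class it reads are Microsoft's documented controls for the vulnerable driver blocklist and HVCI.

```powershell
# Added example: hunt a Windows host for WinRing0.sys and check whether
# Windows is configured to block known-vulnerable drivers at all.
# Run from an elevated PowerShell session.

function Find-WinRing0Driver {
    # Every kernel driver registered as a service, installed or running,
    # whose binary path mentions WinRing0. BYOVD loaders normally register
    # the driver this way so the service control manager loads it.
    $drivers = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -match 'WinRing0' }

    foreach ($d in $drivers) {
        # PathName may carry the NT object prefix (\??\C:\...); strip it for file APIs.
        $path = $d.PathName -replace '^\\\?\?\\', ''
        $sig  = $null
        $hash = $null
        if (Test-Path -LiteralPath $path) {
            $sig  = Get-AuthenticodeSignature -FilePath $path
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
        [pscustomobject]@{
            Service   = $d.Name
            State     = $d.State        # Running / Stopped
            StartMode = $d.StartMode
            Path      = $path
            SHA256    = $hash           # pivot value for a fleet-wide hash hunt
            Signer    = if ($sig) { $sig.SignerCertificate.Subject } else { $null }
            SigStatus = if ($sig) { $sig.Status } else { 'file missing' }
        }
    }
}

function Get-WinRing0LoadEvents {
    # Sysmon Event ID 6 (DriverLoad) records each driver load with hashes and
    # signer, so it also catches a driver that was loaded and then removed.
    # Returns nothing (with a warning) if Sysmon is absent or no events match.
    try {
        Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 6 } -ErrorAction Stop |
            Where-Object { $_.Message -match 'WinRing0' } |
            Select-Object TimeCreated, Message
    } catch {
        Write-Warning "Sysmon DriverLoad events unavailable or none matched: $($_.Exception.Message)"
    }
}

function Test-VulnerableDriverBlocklist {
    # Microsoft's vulnerable driver blocklist is toggled by this registry value
    # (DWORD 1 = enabled). It is enforced automatically when HVCI is on.
    $ciConfig = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    $value = (Get-ItemProperty -Path $ciConfig -Name VulnerableDriverBlocklistEnable -ErrorAction SilentlyContinue).VulnerableDriverBlocklistEnable

    # Device Guard status: a 2 in SecurityServicesRunning means HVCI is running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue

    [pscustomobject]@{
        BlocklistRegistryValue = $value
        BlocklistEnabled       = ($value -eq 1)
        HvciRunning            = [bool]($dg -and ($dg.SecurityServicesRunning -contains 2))
    }
}

# Usage
Find-WinRing0Driver        | Format-Table -AutoSize
Get-WinRing0LoadEvents     | Format-List
Test-VulnerableDriverBlocklist
```

A hit from `Find-WinRing0Driver` is a lead, not a verdict: WinRing0 is a generic hardware-access driver that legitimate hardware-monitoring utilities have also shipped, so correlate the service's creation time and the process that created it before treating the host as compromised. If `Test-VulnerableDriverBlocklist` reports the blocklist off and HVCI not running, the host will happily load any signed driver regardless of its known CVEs, which is exactly the condition BYOVD depends on.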


Once the driver has been exploited, SteelFox installs XMRig, a cryptomining tool that consumes the infected system's CPU to mine Monero, noticeably slowing the victim's device. Alongside the miner it deploys an infostealer that harvests data from 13 web browsers, including browsing history, session cookies, saved credit card details, and possibly cryptocurrency wallet information.


Kaspersky reports having detected and blocked over 11,000 SteelFox attacks, and the true number of infections is likely much larger. Victims are spread worldwide, with the highest concentrations in Brazil, China, and Russia. With cryptocurrency prices on the rise, this kind of miner-plus-stealer malware may become even more common in the coming months.
