Wednesday, 2 April 2025
24.1 C
Singapore
31.1 C
Thailand
21.9 C
Indonesia
26.6 C
Philippines

New malware SteelFox targets Windows users through fake software activators

Beware of SteelFox malware, targeting Windows users worldwide with fake activators for AutoCAD, JetBrains, and Foxit, causing data theft and cryptojacking.

A new cyber threat is making waves across the world, targeting Windows users with a malicious strategy thatโ€™s becoming alarmingly common. Known as โ€œSteelFox,โ€ this malware package uses fake software activators to infect Windows systems with cryptocurrency mining and data-stealing tools, affecting tens of thousands of computers worldwide.

Experts from Kaspersky report that since February 2023, cybercriminals have been actively distributing SteelFox via torrent sites and online forums. The malware is disguised as legitimate โ€œcracksโ€ or โ€œactivatorsโ€ for popular software like AutoCAD, JetBrains, and Foxit PDF Editor. These fake activators, which promise users access to full versions of costly software, have instead turned into a direct route for hackers to gain access to usersโ€™ systems.

How the SteelFox malware operates

When unsuspecting users download and install these fake activators, a risky driver named WinRingO.sys is also installed, which reopens two old vulnerabilities โ€” CVE-2021-41285 and CVE-2020-14979 โ€” previously patched but now re-exploited by hackers. By installing these vulnerabilities, attackers gain full access to your computer, allowing them to infiltrate the system and take advantage of your resources.

One of the primary tools hackers use is a crypto miner called XMRig, which hijacks your systemโ€™s processing power, electricity, and internet bandwidth to mine Monero and other cryptocurrencies, a process known as crypto jacking. This makes your computer run slower, overheat, and use excessive power, resulting in a significantly compromised system and increased utility bills.

The malware also contains an โ€œinfo stealerโ€ program that harvests sensitive information from over 13 web browsers, including details like credit card numbers, browsing history, and login credentials. This stolen data can be used for further attacks or sold on the dark web, potentially leading to identity theft and financial loss. Additionally, hackers establish a Remote Desktop Protocol (RDP) connection to maintain control over the infected device, giving them unrestricted access whenever they choose.

A growing global issue

Kasperskyโ€™s report reveals that SteelFox is not limited to a specific region; attacks have been detected worldwide. Countries with high infection rates include Mexico, Brazil, Russia, China, the United Arab Emirates, Algeria, Egypt, Vietnam, Sri Lanka, and India. The number of reported infections continues to grow, and Kaspersky has blocked over 11,000 attempted attacks so far, though the true count may be much higher.

The malware is complicated to detect because it appears to follow the typical steps of software installation, creating an illusion of legitimacy until the files are unpacked and the harmful code is unleashed. Kaspersky warns that some online posts have shared full instructions for launching the software illegally, encouraging users to bypass paid licenses with these infected cracks, inadvertently inviting SteelFox into their systems.

How to stay safe from SteelFox

With threats like SteelFox on the rise, cybersecurity experts strongly advise downloading software only from official and verified sources. Relying on torrents and unofficial sites is one of the easiest ways to compromise your device inadvertently. Having reliable, up-to-date antivirus software is also critical. Products from reputable providers, such as Bitdefender, can help detect and block threats like SteelFox before they gain a foothold in your system.

Taking preventive measures is essential to safeguard your data and computing resources. Avoid pirated software, use strong and unique passwords, and ensure your operating system and all applications are up to date with the latest security patches. While SteelFox is a serious threat, these steps can significantly reduce your chances of becoming a victim.

Hot this week

Android Auto beta now supports full-screen gaming

Android Autoโ€™s latest beta introduces full-screen gaming, allowing you to play Candy Crush Soda Saga and Angry Birds 2 while parked.

Samsungโ€™s latest vacuum alerts you to calls and texts while you clean

Samsungโ€™s new Bespoke AI Jet Ultra vacuum can alert you to calls and texts while cleaning as the brand expands smart home screens across appliances.

Canon introduces ultra-wide RF20mm f/1.4L VCM lens for hybrid shooters

Canon announces its widest VCM lens yet with the RF20mm f/1.4L VCM, designed for hybrid shooting with outstanding optics and video features.

Canon unveils new cameras and lens to support content creators’ video needs

Canon unveils video-focused EOS R50 V, PowerShot V1, and power zoom lens to support creators with new filming and livestreaming features.

Global tech leaders to explore the future of enterprise at ATxEnterprise 2025

ATxEnterprise 2025 in Singapore will bring together global leaders to explore AI, cybersecurity, and the future of enterprise technology.

These robot vacuums are getting smarter with Apple Home support

Appleโ€™s iOS 18.4 update adds Matter support for robot vacuums, enabling control via Apple Home. Roborock, iRobot, and Ecovacs are updating their devices.

Gmail introduces easier encryption for business emails

Google introduces a new encryption model for Gmail, making it easier for businesses to send secure emails without special software or certificates.

Nothing Phone (3a) Pro review: A mid-range marvel with standout zoom

Nothing Phone (3a) Pro blends standout design, powerful zoom camera, and smart features, making it a top choice in the mid-range segment.

Vivo challenges iPhone 16 Pro Max with X200 Ultraโ€™s video stability

Vivoโ€™s X200 Ultra teaser compares video stability with the iPhone 16 Pro Max, promising top-tier camera upgrades and advanced stabilisation.

Related Articles