Antivirus provider Kaspersky uncovers a sophisticated piece of ‘StripedFly’ malware camouflaged as a cryptocurrency miner that’s been targeting PCs for more than five years.
Antivirus provider Kaspersky uncovers a sophisticated piece of ‘StripedFly’ malware camouflaged as a cryptocurrency miner that’s been targeting PCs for more than five years.
They describe an SSH infector, as well as a credentials scanner. To me, that sounds like it started like from exploited/infected Windows computers with SSH access, and then continued from there.
With how many unencrypted SSH keys there are, how most hosts keep a list of the servers they SSH into, and how they can probably bypass some firewall protections once they’re inside the network: not a bad idea.
I think the original article talked about “spreading” to Linux machines so that generally tracks with what you’re saying that it starts on a Windows machine that itself has access to a Linux machine.