Cybersecurity Alert: Sophisticated Malware Targets Popular Software Users

November 13, 2024, 21:20

Kaspersky’s Global Research and Analysis Team (GReAT) has identified a new wave of cyberattacks targeting users of popular software, including Foxit PDF Editor, AutoCAD, and JetBrains. The attackers use malware to steal users’ credit card and device information and to covertly mine cryptocurrency with the infected systems’ processing power. In just three months, Kaspersky thwarted over 11,000 such attacks, with users in Brazil, China, Russia, Mexico, the UAE, Egypt, Algeria, Vietnam, India, and Sri Lanka most affected.

In August 2024, Kaspersky’s GReAT team discovered a cyberattack involving the “StealFox” malware bundle, containing both stealer and crypto-miner modules. StealFox is shared on forums and torrent sites disguised as cracked versions of popular software like Foxit PDF Editor, JetBrains, and AutoCAD. Once installed, StealFox captures a range of sensitive data, including browser information, passwords, credit card details, system information, and Wi-Fi credentials. It also installs a modified XMRig miner to mine Monero cryptocurrency covertly on infected devices.

Dmitry Galov, Head of Kaspersky’s Russia and CIS Research Center, noted, “The attackers have gradually shifted their tactics. Initially, they targeted Foxit Reader users, and following the success of that campaign, began distributing JetBrains’ cracked versions. Three months later, they launched attacks under the AutoCAD name.”

The attack remains active, and Kaspersky suspects further campaigns may disguise the malware as additional popular software. Kaspersky advises users to download applications from official platforms, keep software up to date, and use security solutions from trusted developers.