Kaspersky’s Global Research and Analysis Team (GReAT) exposed a cyberattack campaign involving a new malware bundle, SteelFox, which includes stealer and cryptominer modules. The malware is disguised as cracks for popular software such as Foxit PDF Editor, JetBrains, and AutoCAD, distributed through forum posts and torrent trackers. Once installed, SteelFox collects extensive user data, including browser info, credentials, credit card details, system data, and Wi-Fi passwords. The malware also installs a modified XMRig cryptominer to exploit infected devices for Monero mining. Kaspersky advises users to download applications from official sources, keep software updated, and use security solutions from trusted developers. The campaign has affected over 11,000 users across Brazil, China, Russia, Mexico, and other countries. Kaspersky’s products detect this threat as HEUR:Trojan.Win64.SteelFox.gen, Trojan.Win64.SteelFox.*.
