StrongPity — Lurking in the Shadows

Blake Potter
Maryville University Cyber Fusion Center
Apr 6, 2021

Vulnerability Details

StrongPity is beginning to hit various companies again and is wreaking major havoc. The malware is also known by other names, such as APT-C-41 and Promethium. StrongPity is essentially a backdoor, and it typically targets the educational, industrial, and financial industries. Companies mainly acquire it through a watering hole, an attack vector in which the attacker places malware on a commonly used website. Attackers place StrongPity on such websites so that they can target a large group of people. The malware is sneaky because it links itself with standard software and is then downloaded along with the intended software. Its main purpose is to spy on users silently, so it can take months or sometimes years to notice, because it does not seek to ruin or destroy anything.

Affected Systems

The main targets are systems running Windows. This is due to the configuration of the malware, which was created specifically to target Windows. However, anyone could be targeted because this malware is usually placed on websites with large amounts of traffic.

Remediation

The main way to avoid downloading this malware is to only visit trusted sites, which greatly reduces the chance of downloading it. However, this malware can even be placed on trusted sites, so it is more important to pay attention to what is being installed. Make sure to monitor what is running in the background. Lastly, use a next-gen antivirus so that it can constantly search your environment for suspicious files and new threats.
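One way to "pay attention to what is being installed" is to check a downloaded installer before running it. The PowerShell below is an added example, not part of the original article: the function name `Test-InstallerBeforeRun` is hypothetical, the hash and publisher are placeholders, and it assumes the vendor publishes a SHA-256 that you obtain separately from the download itself.

```powershell
# Added example. Function name, hash and publisher values are placeholders/assumptions.
function Test-InstallerBeforeRun {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha256,    # published by the vendor, fetched separately
        [Parameter(Mandatory)] [string] $ExpectedPublisher  # text expected in the signer's subject
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Installer not found: $Path"
    }
    $problems = @()

    # 1. The file must be byte-for-byte what the vendor released.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256.Trim()) {   # string -ne is case-insensitive
        $problems += "SHA-256 mismatch: got $actual"
    }

    # 2. The Authenticode signature must be valid and trusted on this machine.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -ne 'Valid') {
        $problems += "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
    }
    # 3. The signer must be the publisher you expect, not just any valid signer.
    elseif ($sig.SignerCertificate.Subject -notlike "*$ExpectedPublisher*") {
        $problems += "Unexpected signer: $($sig.SignerCertificate.Subject)"
    }

    [pscustomobject]@{
        Path     = $Path
        Sha256   = $actual
        Signer   = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        Safe     = ($problems.Count -eq 0)
        Problems = $problems
    }
}

# Constructed sample call: notepad.exe stands in for a downloaded installer.
# With the placeholder hash left as-is, the result reports a mismatch.
$result = Test-InstallerBeforeRun -Path "$env:SystemRoot\System32\notepad.exe" `
    -ExpectedSha256 '<SHA256-PUBLISHED-BY-VENDOR>' -ExpectedPublisher '<EXPECTED-PUBLISHER>'
$result | Format-List
if (-not $result.Safe) { Write-Warning 'Do not run this installer until the problems are explained.' }
```

A passing result only shows that the file is the one the vendor released and signed; it does not replace the background monitoring and antivirus scanning described above.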
