CreepyDrive

CreepyDrive is a type of malware that can infect and damage users' computers or devices. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. CreepyDrive utilizes a POLONIUM-owned OneDrive storage account for command and control. It makes a predictable sequence of requests to Microsoft authentication servers and OneDrive that can be detected using the Invoke-WebRequest cmdlet. Despite its predictive pattern of requests, CreepyDrive does not contain victim identifiers, making it difficult to use the same OneDrive account for multiple victims. After infecting a device, the CreepyDrive implant repeatedly sleeps and re-executes in a loop until the process is terminated. It is crucial to protect your computer or device from malicious software like CreepyDrive by avoiding suspicious downloads, emails, or websites. Additionally, regularly updating your antivirus software, keeping your operating system up-to-date, and being cautious when opening email attachments can help prevent malware infections.