The global software systems of Kaspersky Labs, a popular multinational cybersecurity and antivirus provider, raised security alarms across several of its clients. Following this, the Russian lab revealed the presence of a new miner malware.
PowerGhost by Kaspersky
The cryptocurrency miner, dubbed ‘PowerGhost’, installs itself on a target computer and deploys across workstations and servers in corporations. In the process, it takes over their computing resources and uses the victim PC to mine cryptocurrencies. The threat of cryptocurrency miners seems to be increasing with the popularity of cryptocurrencies. Moreover, PowerGhost was found to have affected many corporate servers for illegal purposes. Without raising the suspicion of system administrators or antivirus software, the hackers delivered the malware over a clean file by deploying a “fileless technique”. PowerGhost used a PowerShell script to deliver the base code. It acts as protective shellcode, hiding the exploit and the code containing the illicit miner.
To avoid getting flagged, hackers are becoming increasingly smart, implementing several tactics. A few of these are running additional software to slow down the CPU fans, artificially showing low computing power usage, and switching off the mining software when the user is active. In this way, the illegal mining software goes unnoticed, leading to exponential profits for the attacker. This kind of illicit mining is called “cryptojacking”. According to data collected by Kaspersky Labs, traditional cybercrime tactics are reportedly being replaced by cryptojacking.
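One way a defender could look for the "switch off mining when the user is active" tactic described above is to compare each host's CPU load while the user is idle against its load while the user is active. This is an added example, not code from Kaspersky or the original article; the telemetry rows, host names and thresholds are constructed assumptions.

```python
from statistics import mean

MIN_SAMPLES = 5  # assumed minimum of idle and of active samples needed per host


def _mk(host, active_cpu, idle_cpu):
    """Build constructed rows: (host, minute, cpu_percent, user_active)."""
    rows = [(host, i, c, True) for i, c in enumerate(active_cpu)]
    rows += [(host, len(active_cpu) + i, c, False) for i, c in enumerate(idle_cpu)]
    return rows


# Constructed telemetry, not real data.
SAMPLES = (
    _mk("ws-01", [12, 15, 18, 14, 16], [91, 94, 88, 93, 92])    # load only when idle
    + _mk("ws-02", [25, 38, 22, 30, 35], [3, 2, 5, 4, 3])       # ordinary workstation
    + _mk("srv-01", [85, 88, 90, 86, 87], [88, 91, 89, 90, 87])  # always-busy server
)


def idle_load_profile(rows):
    """Return (mean idle CPU, mean active CPU), or None if too few samples."""
    idle = [cpu for _, _, cpu, active in rows if not active]
    busy = [cpu for _, _, cpu, active in rows if active]
    if len(idle) < MIN_SAMPLES or len(busy) < MIN_SAMPLES:
        return None
    return mean(idle), mean(busy)


def flag_hosts(samples, idle_floor=70.0, min_gap=40.0):
    """Flag hosts whose CPU is high while idle and drops sharply when the user returns."""
    by_host = {}
    for row in samples:
        by_host.setdefault(row[0], []).append(row)
    flagged = {}
    for host, rows in by_host.items():
        profile = idle_load_profile(rows)
        if profile is None:
            continue  # not enough evidence either way
        idle_cpu, active_cpu = profile
        if idle_cpu >= idle_floor and idle_cpu - active_cpu >= min_gap:
            flagged[host] = (round(idle_cpu, 1), round(active_cpu, 1))
    return flagged


if __name__ == "__main__":
    for host, (idle_cpu, active_cpu) in flag_hosts(SAMPLES).items():
        print(f"{host}: idle {idle_cpu}% vs active {active_cpu}% CPU")
```

A host that is busy regardless of user activity (srv-01 here) is deliberately not flagged, so this check covers only miners that pause for the user.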