PowerGhost raises new crypto-mining software concerns

Kaspersky Lab researchers have found a new crypto-currency miner – PowerGhost – which has hit corporate networks in several regions, mostly in Latin America.

Crypto-currency miners are a hot cybersecurity topic right now, with the threat sky rocketing in recent times, replacing ransomware as the main type of malicious software, as recent research highlighted. However, the emergence of PowerGhost adds a new dimension to the trend, demonstrating, as it does, that malicious miner developers are shifting to targeted attacks to make more money.

It uses multiple fileless techniques to discreetly gain a foothold in corporate networks. Machine infection occurs remotely through exploits or remote administration tools. When the machine is infected, the main body of the miner is downloaded and run without being stored on the hard disk. Once this has happened, cybercriminals can arrange for the miner to automatically update, spread within the network, and launch the crypto-mining process.

“PowerGhost raises new concerns about crypto-mining software. The miner we examined indicates that targeting consumers is not enough for cybercriminals anymore – threat actors are now turning their attention to enterprises too. Crypto-currency mining is set to become a huge threat to the business community,” says David Emm, Principal Security Researcher at Kaspersky Lab.

Further info on PowerGhost can be found here.