GhostMiner Uses Fileless Techniques, Removes Other Miners, But Makes Only $200

[Faybert]

Security researchers from Minerva Labs have discovered a new strain of cryptocurrency-mining malware that uses PowerShell code to obtain fileless execution, and scans and stops the process of other miners that might be running on the same infected host.

But in spite of all these highly advanced techniques, this coinminer strain —codenamed GhostMiner by researchers— has failed to earn any substantial revenue for its creators.

Experts say that after a three-week-long campaign, GhostMiner only racked up 1.03 Monero, which is worth only around $200, at the time of writing.
...
...

GhostMiner uses advanced techniques
But while GhostMiner appears to be a resounding failure in terms of operational success, the malware is certainly not a technical fiasco.

For starters, this appears to be the first fileless cryptocurrency miner malware strain detected. The fileless technique has become quite popular with malware in recent years, allowing them to run malicious code directly from memory, without leaving files on disk, hence fewer artifacts that classic antivirus engines could detect.
...
...

 

[HarborFront]

@HeiDef

Can MinerOff remove it?

Update - MinerOff(1.2018.81.648)-Browser protection from embedded crypto miners.

 

[HeiDef]

@HeiDef

Can MinerOff remove it?

Update - MinerOff(1.2018.81.648)-Browser protection from embedded crypto miners.

MinerOff measures browser resource usage to detect and block possible javascript miners. The miner mentioned here appears to spread via an exploit to gain a foothold on the system outside of the browser so MinerOff would not be looking for that.