GhostMiner Uses Fileless Techniques, Removes Other Miners, But Makes Only $200

Faybert

Security researchers from Minerva Labs have discovered a new strain of cryptocurrency-mining malware that uses PowerShell code to obtain fileless execution, and scans and stops the process of other miners that might be running on the same infected host.

But in spite of all these highly advanced techniques, this coinminer strain —codenamed GhostMiner by researchers— has failed to earn any substantial revenue for its creators.

Experts say that after a three-week-long campaign, GhostMiner only racked up 1.03 Monero, which is worth only around $200, at the time of writing.
...
...
GhostMiner uses advanced techniques

But while GhostMiner appears to be a resounding failure in terms of operational success, the malware is certainly not a technical fiasco.

For starters, this appears to be the first fileless cryptocurrency miner malware strain detected. The fileless technique has become quite popular with malware in recent years, allowing them to run malicious code directly from memory, without leaving files on disk, hence fewer artifacts that classic antivirus engines could detect.
...
...
 
