kaspersky newest logo

PowerGhost: new file less crypto-miner targets corporate networks


Kaspersky Lab researchers have found a new crypto-currency miner – PowerGhost – which has hit corporate networks in several regions, mostly in Latin America. This is the latest in a worrying trend of cybercriminals increasingly using miners in targeted attacks, in their pursuitof money. As this trend grows, enterprises will be put at risk, as miners sabotage and slowdown their computer networks, damaging overall business processes and lining their own pockets in the process.

Crypto-currency miners are ahot cybersecurity topic right now. This specialist “mining” software creates new coins by using the computing power of a victim PC and mobile devices. Malicious miners do so at the expense of other users, capitalizing on the power of their computers and devices without their knowledge. The threat has sky rocketed in recent times, replacing ransomware as the main type of malicious software, as previous Kaspersky Lab research has shown. However, the emergence of PowerGhostadds a new dimension to the trend. It demonstrates that malicious miner developersare shifting to targeted attacks to make more money, asKaspersky Lab researchershad previously predicted.

PowerGhostis distributed within corporate networks, infecting both workstations and servers. The main victims of thisattack so far have been corporate users in Brazil, Colombia, India, and Turkey.Interestingly enough, PowerGhostuses multiple fileless techniques to discreetly gain a foothold in corporate networks – meaning that the minerdoes not store its body directly onto a disk, increasingthe complexity of its detection and remediation.

Machine infection occurs remotely through exploits or remote administration tools. When the machine is infected, the main body of the miner is downloadedand run without being storedon the hard disk.Once this has happened, cybercriminals can arrange for the miner to automatically update, spread within the network, and launch the crypto-mining process.

PowerGhostattacks on businesses, for the purpose of installing miners, raise new concerns about crypto-mining software. The miner we examined indicates that targeting users is not enough- cybercriminals are now turning theirattentionto enterprises too. And this makes crypto-currency mining a threat to the business community,said VladasBulavas, malware analystat Kaspersky Lab.

Kaspersky Lab products detect the threat as

  • PDM:Trojan.Win32.Generic
  • PDM:Exploit.Win32.Generic
  • HEUR:Trojan.Win32.Generic
  • not-a-virus:HEUR:RiskTool.Win32.BitMiner.gen

To reduce the risk of infection with miners, users are advised to:

  1. Always keep software updated on all the devices you use. To prevent miners from exploiting vulnerabilities, use tools that can automatically detect vulnerabilities and download and install patches.
  2. Don’t overlook less obvious targets, such as queue management systems, POS terminals, and even vending machines. Such equipment can also be hijacked to mine cryptocurrency.
  3. Use a dedicated security solution that is empowered with application control, behaviour detection, and exploit prevention componentsthat monitorthe suspicious actions of applications and block malicious file executions. Kaspersky Endpoint Security for Business includes these functions.

To protect the corporate environment, educate your employees and IT teams, keep sensitive data separate, and restrict access.

Leave a Reply

4 × 1 =