Over the last couple of months, mining malware has become fairly common, given how profitable it is for attackers. Now, Kaspersky Lab researchers have reportedly discovered a new strain of cryptojacking malware that is infecting corporations throughout the world.
Dubbed PowerGhost, the fileless malware uses a computer’s native processes to hijack the machine, then uses its hardware to mine cryptocurrency. So far, the malware has been found on computers in Turkey, Brazil, Colombia and India.
According to Kaspersky Lab, the malware “is capable of stealthily establishing itself in a system and spreading across large corporate networks infecting both workstations and servers”. At this time, security experts aren’t sure which coin PowerGhost is mining.
Researchers have pointed out that illegal crypto miners are growing in popularity, as attackers throughout the world embed malicious software in websites, apps and computers used by individuals and businesses alike.
In a recent press statement for ZDNet, David Emm, a principal security researcher, mentioned that:
“PowerGhost raises new concerns about crypto-mining software. The miner we examined indicates that targeting consumers is not enough for cybercriminals anymore – threat actors are now turning their attention to enterprises too. Cryptocurrency mining is set to become a huge threat to the business community.”
Given the profitability of cryptojacking malware, attackers are investing more resources into creating smarter miners that evade common anti-virus apps. Additionally, ransomware Trojans, which were popular for years, are now being replaced with miners.
Currently, there are several ways to tell if your PC has been infected. Firstly, GPUs that have not been designed for mining purposes will likely run slower once infected, and processing power will seem limited. Additionally, according to Alex Vaystikh, the CTO at SecBI, “To mine any cryptocurrency, you must be able to communicate, to receive new hashes and then, after calculating them, return them to the servers and put them in the correct wallet.” In other words, monitoring networks for suspicious activity may be a method of combating cryptojacking.