As cryptocurrency-mining malware becomes more popular among cybercriminals, they’re altering their tactics in order to increase the chances of making as much money as possible from exploited systems — now even going as far as killing other cryptojacking malware that has previously compromised the same servers.

Researchers at Minerva Labs uncovered a new form of cryptocurrency-mining malware, dubbed GhostMiner, which uses fileless malware delivery techniques to land on systems. If other cryptojacking malware is already on the system, GhostMiner will fight to remove it in order to earn Monero.

The mining elements of GhostMiner are built into a malicious Windows executable. It takes advantage of PowerShell frameworks to deploy fileless techniques that hide the malware to such an extent it went undetected by a number of security products.

GhostMiner spreads by looking to attack WebLogic servers, which researchers suggest is achieved by randomly probing IP addresses every second in the hope of finding a target.

In order to ensure the most success possible, GhostMiner works to eliminate any other malicious mining tool installed on the system before it begins to acquire Monero for itself.

Researchers note that the malware uses a number of techniques to eliminate the competition. These include killing running miners by using PowerShell’s “Stop-Process -Force” command with the aid of a hard-coded blacklist, stop and delete…
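As an added example (not from the article or from Minerva Labs), the Python sketch below shows how a defender could flag PowerShell script-block log text that force-terminates several named processes, the hard-coded kill-list pattern described above. The sample script text, the placeholder process names and the threshold of three are constructed assumptions.

```python
import re

# Stop-Process (aliases spps, kill) and Get-Process (gps) piped onward; group 1 = arguments.
STOP = re.compile(r"(?i)\b(?:stop-process|spps|kill)\b([^;|\n}]*)")
GET = re.compile(r"(?i)\b(?:get-process|gps)\b([^;|\n}]*)\|")
# Value of -Name / -ProcessName, up to the next parameter or end of arguments.
NAME = re.compile(r"(?i)-(?:process)?name\s+(.+?)(?=\s+-\w|\s*$)")
# Variable assigned a literal string array: $x = 'a','b'  or  $x = @("a","b")
ARRAY = re.compile(r"""\$\w+\s*=\s*@?\(?((?:\s*['"][\w.-]+['"]\s*,)+\s*['"][\w.-]+['"])""")
QUOTED = re.compile(r"""['"]([\w.-]+)['"]""")

def has_force(args):
    """True if args carry -Force or a PowerShell-accepted abbreviation (-f, -fo, ...)."""
    for tok in args.split():
        param = tok[1:].split(":")[0].lower() if tok.startswith("-") else ""
        if param and "force".startswith(param):
            return True
    return False

def names_in(args):
    """Literal process names given to -Name; variables ($x) are skipped."""
    m = NAME.search(args)
    items = [i.strip().strip("'\"") for i in m.group(1).split(",")] if m else []
    return {i.lower() for i in items if i and not i.startswith("$")}

def forced_kill_targets(script):
    """Distinct process names a script block force-terminates (heuristic)."""
    stops = [a for a in STOP.findall(script) if has_force(a)]
    if not stops:
        return set()
    targets = set()
    for a in stops + GET.findall(script):
        targets |= names_in(a)
    for body in ARRAY.findall(script):  # hard-coded list held in a variable
        targets |= {n.lower() for n in QUOTED.findall(body)}
    return targets

def is_kill_list(script, threshold=3):
    """Flag script blocks that force-kill at least `threshold` named processes."""
    return len(forced_kill_targets(script)) >= threshold

# Constructed ScriptBlockText samples (Event ID 4104 style); process names are placeholders.
SAMPLES = {
    "admin": "Stop-Process -Name notepad -Force",
    "inline": "Stop-Process -Force -Name minerA,minerB, 'minerC'",
    "piped": "Get-Process -Name minerA,minerB,minerD -ErrorAction SilentlyContinue | Stop-Process -f",
    "loop": "$bl = @('minerA','minerB','minerC','minerE')\nforeach ($p in $bl) { Stop-Process -Name $p -Force }",
    "noforce": "Stop-Process -Name minerA,minerB,minerC",
}
```

The heuristic only sees literal names, so a list that is downloaded or decoded at run time needs process-termination telemetry from the endpoint instead.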