Malicious crypto-miners have invaded cyberspace over the past year, driven by the massive increase in the value of crypto-currency.
The most recent miner malware discovered by malware researchers is GhostMiner. This miner adopted the most effective techniques used by other malware families, including fileless infection attacks.
GhostMiner mines the Monero crypto-currency by using two PowerShell evasion frameworks, Out-CompressedDll and Invoke-ReflectivePEInjection.
During the malware analysis, researchers found that each of the malware’s components was designed for a different purpose: one PowerShell script to ensure propagation to new machines, and another to perform the actual mining operations.
It was also discovered that the PowerShell script used to infect new victims targets servers running Oracle WebLogic (by leveraging the CVE-2017-10271 vulnerability), MSSQL, and phpMyAdmin.
Hackers are always finding new ways to make millions of dollars by hijacking computers to secretly perform cryptocurrency mining in the background without users’ knowledge or consent.
Because of this, malicious cryptocurrency mining is now the biggest cybersecurity problem.
This problem can be easily avoided if a robust cybersecurity solution is present on every device that you own. Depending on which version of OS is installed on your device, it is imperative to install an antivirus for Windows or an antivirus for Mac. Companies should also use the services of a cybersecurity firm to verify their internal network by running various tests, such as penetration tests and ethical hacking tests.
Communication with the C&C server is done via HTTP through Base64-encoded requests and replies. The protocol the malware uses to exchange messages involves a simple handshake followed by requests to perform various tasks.
This malware is launched directly from memory; the mining component is a slightly customized version of the open source XMRig miner.
This mining operation had been running for about three weeks, and the cybercriminals had made only 1.03 Monero, based on the balance of the wallet it used.
A potential explanation for the low ‘revenues’ of the GhostMiner campaign is the rivalry between mining gangs. There are plenty of potential victims, but the exploits and techniques these gangs use are public, so many of them try to infect the same vulnerable devices.
During the malware analysis, researchers found out that this sample of GhostMiner contained a variety of techniques meant to kill the process of any other miner running on the targeted machine.
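The two traits described above, the named PowerShell frameworks launched from memory and the Base64-encoded HTTP C&C traffic, are the kind of thing a defender can hunt for in PowerShell script block logs and web proxy logs. The following is an added example written for this article, not code from the researchers or from the malware; the log lines it scans are constructed samples, and the indicator list is simply the names the article mentions.

```python
import base64
import re

# Indicators taken from the article's description of GhostMiner: the PowerShell
# frameworks it launches from memory and the miner it embeds. Matching is
# case-insensitive; the names are strings to hunt for, nothing more.
INDICATORS = ("Out-CompressedDll", "Invoke-ReflectivePEInjection", "xmrig")
B64_RUN = re.compile(r"[A-Za-z0-9+/]{20,}={0,2}")


def find_indicators(text):
    """Return the indicator names present in text (case-insensitive)."""
    low = text.lower()
    return [i for i in INDICATORS if i.lower() in low]


def decode_b64_runs(text):
    """Decode every Base64-looking run in text that yields printable UTF-8."""
    decoded = []
    for match in B64_RUN.finditer(text):
        blob = match.group(0)
        blob += "=" * (-len(blob) % 4)          # restore stripped padding
        try:
            raw = base64.b64decode(blob, validate=True)
            plain = raw.decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            continue                            # not Base64 text, skip it
        if plain.isprintable():
            decoded.append(plain)
    return decoded


def scan_http_log(lines):
    """Flag proxy log lines whose Base64 body decodes to miner indicators.

    Each returned tuple is (line_number, decoded_body, matched_indicators).
    """
    hits = []
    for n, line in enumerate(lines, 1):
        for plain in decode_b64_runs(line):
            found = find_indicators(plain)
            if found:
                hits.append((n, plain, found))
    return hits


# Constructed sample data (not real captures): one PowerShell script block
# log entry and two HTTP proxy lines, one of them carrying a Base64 body.
SCRIPT_BLOCK = "Event 4104: $d = Out-CompressedDll; Invoke-ReflectivePEInjection -PEBytes $d"
HTTP_LOG = [
    "POST /gate HTTP/1.1 body=" + base64.b64encode(b'{"cmd":"task","run":"xmrig"}').decode(),
    "GET /index.html HTTP/1.1 body=",
]

if __name__ == "__main__":
    print(find_indicators(SCRIPT_BLOCK))
    print(scan_http_log(HTTP_LOG))
```

Real script block logging (event 4104) must be enabled for the first check to see anything, and the Base64 decoder deliberately skips runs that do not decode to printable text, so binary payloads are ignored rather than mis-flagged.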
Remember that only a robust cybersecurity solution can protect your device from all types of unwanted or bogus miners. The use of an active antivirus is mandatory. We strongly recommend that everyone install an antivirus for Windows or an antivirus for Mac, depending on which version of OS your devices run. If you are a company, please check your network integrity by hiring top cyber security firms to perform various tests, such as penetration tests and ethical hacking tests, at least once a year.