
It's estimated that hundreds of thousands of malicious programs are created every day. Kaspersky Lab has identified yet another serious cryptojacking threat, this time affecting business systems.

In research published July 26, 2018, Kaspersky Lab identified[1] a new type of cryptojacker, which it dubbed PowerGhost for the malware's ability to stealthily embed itself into a system and spread across corporate networks.

The malware has been detected in business networks globally, including in North America and Europe, with the highest occurrences so far in India, Brazil, Colombia, and Turkey.

PowerGhost is a fileless cryptocurrency mining malware (also known as a cryptojacker) that can hide itself in one machine before spreading across every computer and server in a given network. Due to PowerGhost's fileless nature, and the fact that it does not reside on a system's hard drive, it can be missed by antivirus technologies.

Machines can be infected through "exploits or remote administration tools," such as Windows Management Instrumentation. The malware is then able to duplicate itself and affect further machines across the network.

"PowerGhost raises new concerns about crypto-mining software," said David Emm, principal security researcher at Kaspersky Lab, speaking to ZDNet[2]. "Threat actors are now turning their attention to enterprises too. Crypto-currency mining is set to become a huge threat to the business community."

Kaspersky Lab also found some DDoS[3] functionality in the malware, indicating it could have further potential to attack business systems and cause downtime. Why a cryptojacker would want to disrupt its host system's ability to mine is unclear; more likely, this might indicate the malware's usefulness for purposes outside of pirating mined cryptocurrencies. However, the DDoS function was found to copy files to the hard drive, so it would be more easily detectable by antivirus.
