New cryptojacking malware PowerGhost targets corporate networks
Security company Kaspersky Lab has discovered a new malware that uses business computers and servers to mine cryptocurrencies.
The malware, dubbed PowerGhost, has the ability to embed itself undetected in a system and spread across networks. According to Kaspersky, the cryptojacking malware starts by infecting one machine and then spreads to all workstations and servers connected to an organization’s local area network.
The malware is a combination of PowerShell script, which contains add-on modules that perform the mining tasks, and EternalBlue, which helps the malware spread across the network unnoticed. This combination, according to Kaspersky experts, makes it very hard to detect PowerGhost in any network. And because it’s not stored on a hard drive, the malware can operate undetected for a long period of time.
The malware begins to work by using exploits or administration tools such as Windows Management Instrumentation. It inserts itself and slowly begins to execute its commands. The malware is designed to use power from the networks to mine cryptocurrencies, which are sent to the attacker’s wallet. The higher the number of infected machines, the higher the profits it generates, according to security experts. During the mining process, the attackers can compromise the infected network so as to get as much money as they can possibly make. Apart from mining, the malware can steal important information from the infected devices.
According to the Kaspersky report, several networks in India, Columbia, Brazil, Turkey and parts of North America and Europe have fallen victim to PowerGhost. Kaspersky also discovered that the malware could also be used for conducting DDoS attacks, allowing the perpetrators to earn more income.
“PowerGhost raises new concerns about crypto-mining software. The miner we examined indicates that targeting consumers is not enough for cybercriminals anymore—threat actors are now turning their attention to enterprises too. Crypto-currency mining is set to become a huge threat to the business community,” said David Emm, principal security researcher at Kaspersky Lab.
Note: Tokens on the Bitcoin Core (SegWit) chain are referenced as SegWitCoin BTC coins; tokens on the Bitcoin Cash ABC chain are referenced as BCH, BCH-ABC or BAB coins. Altcoins, which value privacy, anonymity, and distance from government intervention, are referenced as dark coins.
Bitcoin Satoshi Vision (BSV) is today the only Bitcoin project that follows the original Satoshi Nakamoto whitepaper, and that follows the original Satoshi protocol and design. BSV is the only public blockchain that maintains the original vision for Bitcoin and will massively scale to become the world’s new money and enterprise blockchain.