Kaspersky researchers have identified a new cryptojacking method named PowerGhost that targets corporate networks worldwide in order to generate optimal mining profits.
Cryptomining malware programs take over a computer’s resources without authorization and modify them for cryptocurrency mining.
According to Kaspersky, the cryptojacking malware uses a combination of PowerShell and EternalBlue to break into PCs.
PowerShell is a “.NET Framework that is a task-based command-line shell and scripting language” created particularly for computer administrators and power-users to quickly automate the management of multiple operating systems.
EternalBlue is an exploit built by the National Security Agency (NSA), as per information revealed by ex-NSA employees. The exploit is believed to have been used to carry out several cyber and malware attacks worldwide.
The fileless malware PowerGhost has the ability to secretly attach itself to a single PC or network and effectively spread to other PCs and servers across various organizations.
Kaspersky Lab is an international cyber security firm that is involved in “deep threat intelligence and security expertise,” effectively providing robust security solutions and related services to governments and enterprises.
The Kaspersky researchers identified the malware across enterprise networks around the world, including Brazil, India, Turkey and Colombia. PowerGhost has also spread across Europe and North America.
The malware starts mining cryptocurrency using the infected system’s resources and then directs the rewards to a remote wallet owned by the hacker.
David Emm, principal security researcher at Kaspersky Lab, said:
“PowerGhost raises new concerns about crypto-mining software. The miner we examined indicates that targeting consumers is not enough for cybercriminals anymore – threat actors are now turning their attention to enterprises too.”
Emm further stated:
“Crypto-currency mining is set to become a huge threat to the business community.”