'GhostMiner' Malware Kills Other Crypto-Miners So It Can Work Alone
27 March 2018 - 4:06AM
ADVFN Crypto NewsWire
Bitcoin Global News (BGN)
March 26, 2018 -- ADVFN Crypto NewsWire -- A new mining malware,
dubbed ‘GhostMiner’ by its discoverer Minerva Labs
(minerva-labs.com), is the first crypto-jacking infection to ensure
maximum profit by killing off its rivals. GhostMiner is also the
first ‘fileless’ mining malware, running code directly from memory
without leaving files on disk.
If another crypto-jacking malware is already on the system,
GhostMiner removes it so that it alone can mine Monero
cryptocurrency coins. GhostMiner first searches for and kills every
miner on its blacklist by force-terminating its process with the
Windows End Process command, and then removes any remaining miners
by going through a list of ports associated with miners and
stopping any miner it finds using them.
Cryptocurrency mining has become as lucrative for cybercriminals
as ransomware. But, as far as we know, GhostMiner has so far earned
only around 1.5 Monero, worth $300: small change compared with the
Jenkins miner that made $3 million in Monero earlier this year.
GhostMiner’s author may, however, be hiding additional funds
elsewhere. According to Minerva Labs, “It is highly plausible that
there are other addresses used in this campaign, undetectable due
to Monero's anonymity features.”
GhostMiner’s author put in a lot of hours assembling its
aggressive code. A fully deployed GhostMiner payload is currently
undetectable by all brand-name antivirus engines. It spreads by
randomly probing IP addresses until it finds a target, and then
gains a foothold on the new victim’s system by burying itself
inside two nested evasion scripts. Running those scripts launches
its fileless operational mode, from which it downloads its
coin-mining component.
The efforts of GhostMiner's author will not go to waste. Minerva
Labs is using GhostMiner’s code against it and other mining malware
with a script extracted from GhostMiner that they call MinerKiller.
Minerva Labs said, “It implements all the aforementioned tactics –
removing known processes, tasks, and services by name and
unfamiliar ones by arguments or TCP connections typical to miners.”
Incident response teams can write their own scripts for removing
malicious miners by downloading MinerKiller from GitHub.
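The triage logic Minerva Labs describes (known miners by name, unfamiliar ones by arguments or TCP connections) can be sketched as a detection pass over a process snapshot. The script below is an added illustration, not MinerKiller or any Minerva Labs code; the name blacklist, argument patterns, pool ports and the sample process records are all constructed assumptions, and it only flags candidates for an analyst rather than terminating anything.

```python
import re
from dataclasses import dataclass, field
from typing import List, Set, Tuple

# All lists and sample records below are constructed for illustration.
KNOWN_MINER_NAMES = {"xmrig.exe", "minerd.exe", "cpuminer.exe"}   # blacklist by name
MINER_ARG_PATTERNS = [                                             # miner-style arguments
    re.compile(r"stratum\+tcp://", re.I),
    re.compile(r"--donate-level", re.I),
    re.compile(r"\bcryptonight\b", re.I),
]
MINER_POOL_PORTS = {3333, 4444, 5555, 7777, 14444}                 # assumed pool ports

@dataclass
class Proc:
    pid: int
    name: str
    cmdline: str
    remote_ports: Set[int] = field(default_factory=set)

def reasons_for(p: Proc) -> List[str]:
    """Collect every rule that matches this process (empty list means no match)."""
    hits = []
    if p.name.lower() in KNOWN_MINER_NAMES:
        hits.append("blacklisted name")
    for pat in MINER_ARG_PATTERNS:
        if pat.search(p.cmdline):
            hits.append("miner argument " + pat.pattern)
    ports = p.remote_ports & MINER_POOL_PORTS
    if ports:
        hits.append("pool port " + ",".join(map(str, sorted(ports))))
    return hits

def triage(procs: List[Proc]) -> List[Tuple[int, str, str, List[str]]]:
    """Return (pid, name, verdict, reasons). A port-only match is weak evidence,
    since legitimate software can use those ports, so it gets 'confirm' not 'remove'."""
    out = []
    for p in procs:
        hits = reasons_for(p)
        if not hits:
            continue
        verdict = "remove" if any(not h.startswith("pool port") for h in hits) else "confirm"
        out.append((p.pid, p.name, verdict, hits))
    return out

SAMPLE = [  # constructed process snapshot
    Proc(1204, "xmrig.exe", "xmrig.exe -o pool.example:3333", {3333}),
    Proc(2210, "svchost.exe", "svchost.exe -k netsvcs", {443}),
    Proc(3302, "update.exe", "update.exe -o stratum+tcp://pool.example:14444 --donate-level=1", {14444}),
    Proc(4410, "conhost.exe", "conhost.exe", {4444}),
]

if __name__ == "__main__":
    for pid, name, verdict, hits in triage(SAMPLE):
        print(f"{verdict:8} PID {pid:<6} {name:<12} {'; '.join(hits)}")
```

On a live host the snapshot would come from the process and TCP tables (for example tasklist and netstat output) rather than the embedded sample.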
By: BGN Editorial Staff