City of Atlanta IT Systems Hit by SamSam Ransomware CoinMiner Campaigns Move to the Cloud via Docker, Kubernetes TrickBot Banking Trojan Gets Screenlocker Component New R2D2 Technique Protects Files Against Wiper Malware Opera 52 Released With Faster Ad Blocking and New Tab Features InsaneCrypt (desuCrypt) Decrypter Remove the Something went wrong with your Internet Service Scam Remove the Smart PC Tweaker PUP Remove the Unable to locate Windows License Key Data File Support Scam Remove Security Tool and SecurityTool (Uninstall Guide) How to remove Antivirus 2009 (Uninstall Instructions) How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller Locky Ransomware Information, Help Guide, and FAQ CryptoLocker Ransomware Information Guide and FAQ CryptorBit and HowDecrypt Information Guide and FAQ CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ Restrict What Personal Data Is Shared on the Facebook API Platform How to Delete Your Facebook Account How to Deactivate a Facebook Account How to Backup Your Facebook Posts, Images, and Data How to start Windows in Safe Mode How to remove a Trojan, Virus, Worm, or other Malware How to show hidden files in Windows 7 How to see hidden files in Windows Security researchers from Minerva Labs have discovered a new strain of cryptocurrency-mining malware that uses PowerShell code to obtain fileless execution, and scans and stops the process of other miners that might be running on the same infected host. But in spite of all these highly advanced techniques, this coinminer strain —codenamed GhostMiner by researchers— has failed to earn any substantial revenue for its creators.

Experts say that after a three-week-long campaign, GhostMiner only racked up 1.03 Monero, which is worth only around $200, at the time of writing. This is peanuts compared to other coinmining crews who managed to rack up tens or hundreds of thousands, with one crew making nearly $3 million.

But while GhostMiner appears to be a resounding failure in terms of operational success, the malware is certainly not a technical fiasco. For starters, this appears to be the first fileless cryptocurrency miner malware strain detected.

The fileless technique has become quite popular with malware in recent years, allowing them to run malicious code directly from memory, without leaving files on disk, hence fewer artifacts that classic antivirus engines could detect. Further, GhostMiner also employs another advanced technique, of hunting competing miners and shutting down their processes.

The technique isn’t new, as it’s been used by another nondescript coinminer strain, but this shows that GhostScript’s author has put a lot more thought into assembling his code than most other crooks. As for targeting, GhostMiner can infect systems running MSSQL, phpMyAdmin, and Oracle WebLogic servers. Read more from…

thumbnail courtesy of