
Scam of the Week – PowerGhost Cryptomining Malware Attacks Computers Worldwide

Security experts have discovered a new form of cryptojacking malware that is targeting corporate networks in multiple countries across the world.

The fileless malware was identified by researchers at Kaspersky Lab and was aptly named PowerGhost due to its ability to secretly embed itself on a system and then spread across other networks by infecting both PCs and servers.

As soon as the malware is installed on a computer, it starts to mine an undisclosed cryptocurrency. The more machines that are infected, the more profit the criminals will stand to make from the attack.

The malware has been detected by corporations throughout Europe and North America. However, the largest concentration of infected networks has been found in India, Brazil, Colombia and Turkey.

Image: PowerGhost worldwide infection rates

Source: Kaspersky Lab

The fileless nature of PowerGhost has made it almost impossible to spot using traditional anti-virus software, and as such, it is a lot harder to detect than other cryptomining malware.

David Emm, principal security researcher at Kaspersky Lab, commented on the new malware: “PowerGhost raises new concerns about cryptomining software. The miner we examined indicates that targeting consumers is not enough for cybercriminals anymore – threat actors are now turning their attention to enterprises too.”

Kaspersky Lab also noted that the cryptomining software had the capability to be used for conducting a DDoS attack. A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.

It’s likely that the creators of PowerGhost added this extra element as a way of generating additional income. However, as this functionality copies files to the hard drive, it also raises the chances of it being detected by antivirus software.

Cybercriminals are increasingly turning to cryptomining malware as it enables them to make a higher profit with less chance of being caught out. By getting a victim to click on a malicious link in an email, or by infecting a website with JavaScript code, attackers can secretly use an individual’s computer to mine cryptocurrency.

A recent report from Skybox Security found that cryptomining malware now accounts for 32 percent of all cyberattacks, while ransomware only makes up 8 percent.

To protect yourself against this type of malware, you should:

  • Never click on suspicious links or download attachments from unknown sources
  • Install antivirus software
  • Ensure software is up to date to prevent attackers taking advantage of vulnerabilities in older software
  • Educate and train employees on the growing range of cyber security threats
