Scam of the Week – PowerGhost Cryptomining Malware Attacks Computers Worldwide

August 2, 2018 4:45 pm Geraldine Strawbridge

Security experts have discovered a new form of cryptojacking malware that is targeting corporate networks in multiple countries across the world.

The fileless malware was identified by researchers at Kaspersky Lab and was aptly named PowerGhost due to its ability to secretly embed itself on a system and then spread across other networks by infecting both PCs and servers.

As soon as the malware is installed on a computer, it starts to mine an undisclosed cryptocurrency. The more machines that are infected, the more profit the criminals will stand to make from the attack.

The malware has been detected by corporations throughout Europe and North America; however, the largest concentration of infected networks has been found in India, Brazil, Colombia and Turkey.

Image: PowerGhost worldwide infection rates

Source: Kaspersky Lab

The fileless nature of PowerGhost has made it almost invisible to traditional anti-virus software, and as such, it is a lot harder to detect than other cryptomining malware.

David Emm, principal security researcher at Kaspersky Lab, commented on the new malware: “PowerGhost raises new concerns about cryptomining software. The miner we examined indicates that targeting consumers is not enough for cybercriminals anymore – threat actors are now turning their attention to enterprises too.”

Kaspersky Lab also noted that the cryptomining software had the capability to be used for conducting a DDoS attack. A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.

It’s likely that the creators of PowerGhost added this extra element as a way of generating additional income. However, as this functionality copies files to the hard drive, it also raises the chances of the malware being detected by antivirus software.

Cybercriminals are increasingly turning to cryptomining malware as it enables them to make a higher profit with less chance of being caught out. By getting a victim to click on a malicious link in an email, or by infecting a website with JavaScript code, attackers can secretly use an individual’s computer to mine cryptocurrency.

A recent report from Skybox Security found that cryptomining malware now accounts for 32 percent of all cyberattacks, while ransomware only makes up 8 percent.

To protect yourself against this type of malware, you should:

  • Never click on suspicious links or download attachments from unknown sources
  • Install antivirus software
  • Ensure software is up to date to prevent attackers taking advantage of vulnerabilities in older software
  • Educate and train employees on the growing range of cyber security threats
