
PowerGhost: New cryptominer found preying on corporates

Published : Jul 31, 2018, 1:51 pm IST
Updated : Jul 31, 2018, 1:51 pm IST

PowerGhost is distributed within corporate networks, infecting both workstations and servers.

Machine infection occurs remotely through exploits or remote administration tools. (Photo: Pixabay)

Kaspersky Lab researchers have found a new crypto-currency miner called PowerGhost, which has hit corporate networks in several regions, mostly in Latin America. It is the latest example of a worrying trend: cybercriminals are increasingly using miners in targeted attacks in their pursuit of money. As this trend grows, enterprises will be put at risk, because miners sabotage and slow down their computer networks, damaging overall business processes while lining the attackers' pockets.

Crypto-currency miners are a hot cybersecurity topic right now. This specialist “mining” software creates new coins by using the computing power of victims' PCs and mobile devices. Malicious miners do so at the expense of other users, capitalising on the power of their computers and devices without their knowledge. The threat has skyrocketed in recent times, replacing ransomware as the main type of malicious software, as previous Kaspersky Lab research has shown. However, the emergence of PowerGhost adds a new dimension to the trend. It demonstrates that malicious miner developers are shifting to targeted attacks to make more money, as Kaspersky Lab researchers had previously predicted.


PowerGhost is distributed within corporate networks, infecting both workstations and servers. The main victims of this attack so far have been corporate users in Brazil, Colombia, India, and Turkey. Interestingly enough, PowerGhost uses multiple fileless techniques to discreetly gain a foothold in corporate networks, meaning that the miner does not store its body directly on disk, which makes it harder to detect and remediate.

Machine infection occurs remotely through exploits or remote administration tools. When the machine is infected, the main body of the miner is downloaded and run without being stored on the hard disk. Once this has happened, cybercriminals can arrange for the miner to automatically update, spread within the network, and launch the crypto-mining process.


“PowerGhost attacks on businesses, for the purpose of installing miners, raise new concerns about crypto-mining software. The miner we examined indicates that targeting users is not enough — cybercriminals are now turning their attention to enterprises too. And this makes crypto-currency mining a threat to the business community,” said Vladas Bulavas, a malware analyst at Kaspersky Lab.

Kaspersky Lab products detect the threat as:

  • PDM:Trojan.Win32.Generic
  • PDM:Exploit.Win32.Generic
  • HEUR:Trojan.Win32.Generic
  • not-a-virus:HEUR:RiskTool.Win32.BitMiner.gen

To reduce the risk of infection with miners, users are advised to:


  • Always keep software updated on all the devices you use. To prevent miners from exploiting vulnerabilities, use tools that can automatically detect vulnerabilities and download and install patches.
  • Don’t overlook less obvious targets, such as queue management systems, POS terminals, and even vending machines. Such equipment can also be hijacked to mine cryptocurrency.
  • Use a dedicated security solution that is empowered with application control, behaviour detection, and exploit prevention components that monitor the suspicious actions of applications and block malicious file executions. Kaspersky Endpoint Security for Business includes these functions.
  • To protect the corporate environment, educate your employees and IT teams, keep sensitive data separate and restrict access.



Tags: cryptomining, cryptocurrency, corporate, cybercrime