In research published July 26, 2018, Kaspersky Lab identified a new type of cryptojacker, which it dubbed PowerGhost for the malware's ability to stealthily embed itself into a system and spread across corporate networks.
The malware has been detected in business networks globally, including in North America and Europe, but with the highest occurrences so far in India, Brazil, Colombia, and Turkey.
PowerGhost is a fileless cryptocurrency mining malware (also known as a cryptojacker) that can hide itself in one machine before spreading across every computer and server in a given network. Due to PowerGhost's fileless nature, and the fact that it does not reside on a system's hard drive, it can be missed by antivirus technologies.
Machines can be infected through "exploits or remote administration tools," like Windows Management Instrumentation. The malware is then able to duplicate itself and infect further machines across the network.
"PowerGhost raises new concerns about crypto-mining software," said David Emm, principal security researcher at Kaspersky Lab, speaking to ZDNet. "Threat actors are now turning their attention to enterprises too. Crypto-currency mining is set to become a huge threat to the business community."
Kaspersky Lab also found some DDoS functionality in the malware, indicating it could have further potential to attack business systems and cause downtime. Why a cryptojacker would want to disrupt its host system's ability to mine is unclear; more likely, this might indicate the malware's usefulness for purposes outside of pirating mined cryptocurrencies. However, the DDoS function was found to copy files to the hard drive, so it would be more easily detectable by antivirus software.
Running antivirus software and ensuring software is always fully patched and up to date are two ways to help protect against such risks. Businesses may need to pay particular attention to their systems and employ specialist software or advisors if they feel particularly at risk.
Surprisingly, this type of malware can also attack less powerful computerized systems without being noticed, including queue management systems and point of sale terminals.
In February 2018, cybersecurity firm Netlab 360 discovered a cryptojacking malware that used Android phones and even some televisions to illegitimately mine Monero. Malware attacks on organizations are not uncommon. In the same month, 4,000 US and UK websites running a reading assistance application were affected by cryptojacking malware. Website visitors were unaware that they were mining cryptocurrency for hackers while browsing the affected sites.
Businesses might want to be at least a little afraid of PowerGhost and other types of cryptocurrency mining malware and ransomware. Such attacks can lead to direct and indirect financial losses, as well as damage to reputation, depending on the nature of the attack and any effects on customers.