Minerva Labs researchers identified a new cryptocurrency miner, GhostMiner, which has some superior qualities in comparison to older Monero mining software.
Cybercriminals are increasingly relying on malicious cryptominers as a way of making money online, often shifting from using ransomware or diversifying revenue streams.
GhostMiner uses advanced fileless techniques (it runs from memory rather than from files on disk) to mine Monero and spread silently on a global scale. It also runs a script that removes any other running miners, wiping out the competition and securing all available CPU resources for itself.
To stay undetected, the executable relied on two nested PowerShell evasion frameworks, Out-CompressedDll and Invoke-ReflectivePEInjection, which employ fileless techniques to conceal the presence of the malicious program.
This evasive approach was highly effective at bypassing many security tools: some of the payloads analyzed were fully undetected by all the security vendors.
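As an added defensive example (not code from the Minerva Labs write-up), the Python routine below triages constructed PowerShell script-block log entries and flags only a script that shows both stages of the loader chain named above. The DeflateStream/FromBase64String inflate idiom and the -PEBytes parameter are assumptions drawn from the public PowerSploit scripts, and the sample events are constructed.

```python
import re
from collections import defaultdict

# Stage 1: an Out-CompressedDll one-liner inflates a base64-encoded DLL in memory.
# Stage 2: Invoke-ReflectivePEInjection maps that DLL into a process, never touching disk.
# The two function names come from the write-up; the DeflateStream/FromBase64String
# pair and the -PEBytes parameter are assumptions based on the public PowerSploit code.
STAGE_PATTERNS = {
    "inflate": [r"Out-CompressedDll", r"IO\.Compression\.DeflateStream", r"FromBase64String"],
    "inject": [r"Invoke-ReflectivePEInjection", r"-PEBytes\b"],
}


def stages_in(text):
    """Return the set of loader stages whose indicators appear in one script text."""
    return {stage for stage, pats in STAGE_PATTERNS.items()
            if any(re.search(p, text, re.I) for p in pats)}


def triage(events):
    """events: script-block logging records (Event ID 4104) as dicts with
    ScriptBlockId and ScriptBlockText. Long scripts are logged in several chunks
    sharing one ScriptBlockId, so chunks are joined per id before matching.
    Only scripts showing BOTH stages are returned, so a lone base64 decode is not flagged."""
    joined = defaultdict(str)
    for ev in events:
        joined[ev["ScriptBlockId"]] += ev["ScriptBlockText"] + "\n"
    return sorted(sid for sid, text in joined.items()
                  if stages_in(text) == {"inflate", "inject"})


# Constructed sample records, not taken from the article or from real telemetry.
SAMPLE_EVENTS = [
    {"ScriptBlockId": "A", "ScriptBlockText": "Get-Process | Sort-Object CPU -Descending | Select-Object -First 5"},
    {"ScriptBlockId": "B", "ScriptBlockText": "$c=[Convert]::FromBase64String($enc); Set-Content -Path C:\\tmp\\cfg.bin -Value $c -Encoding Byte"},
    {"ScriptBlockId": "C", "ScriptBlockText": "$s=New-Object IO.Compression.DeflateStream([IO.MemoryStream][Convert]::FromBase64String($blob),[IO.Compression.CompressionMode]::Decompress)"},
    {"ScriptBlockId": "C", "ScriptBlockText": "$PEBytes=$ms.ToArray(); Invoke-ReflectivePEInjection -PEBytes $PEBytes"},
]

if __name__ == "__main__":
    print("scripts showing the full fileless loader chain:", triage(SAMPLE_EVENTS))
```

Script B decodes base64 but writes to disk and never injects, so it stays below the threshold; only the two-chunk script C is reported.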
The miner works for the below Monero address:
43ZSpXdMerQGerimDrUviDN6qP3vkwnkZY1vvzTV22AbLW1oCCBDstNjXqrT3anyZ22j7DEE74GkbVcQFyH2nNiC3fchGfc
And it doesn't seem it's possible to check how much these folks managed to earn as:
Read more at Minerva-Labs:
https://blog.minerva-labs.com/ghostminer-cryptomining-malware-goes-fileless