News on Medial

Researchers spot cryptojacking attack that disables endpoint protections

ArstechnicaArstechnica · 6m
Researchers spot cryptojacking attack that disables endpoint protections

Researchers have identified sophisticated malware that disables antivirus protections, removes evidence of infection, and permanently installs cryptocurrency-mining software on machines. The malware, named GhostEngine, targets endpoint security solutions and hides any sign of a breach by disabling Windows event logs. Once active, GhostEngine scans for endpoint protection software and uses known vulnerabilities to gain access to the core of the operating system, eventually installing cryptocurrency-mining software that deposits the coins into an attacker-controlled wallet. The malware also establishes persistent access and can act as a backdoor, allowing remote command execution on the infected machine.

Comments

Download the medial app to read full posts, comements and news.