GhostMiner: Cryptomining Malware Goes Fileless
This post describes a recent attack, dubbed GhostMiner, that Minerva’s research team dissected after our solution prevented the infection at a customer site. It provides an example of how malicious miners are evolving to use advanced fileless techniques to succeed in mining Monero and spreading silently on a global scale. In this attack, we also witnessed how competing miners are fighting each other to generate more income for themselves by removing other miners from the endpoint.
Minerva Labs analyzed the attack and presents a novel way of turning the tables on mining attackers: using the scripts they wrote to remove competitors against the attackers themselves.