Researchers at Minerva Labs uncovered a new form of cryptocurrency-mining malware, dubbed GhostMiner, which uses fileless malware delivery techniques to land on systems. If other cryptojacking malware is already on the system, GhostMiner will fight to remove it in order to earn Monero for itself.
The mining elements of GhostMiner are built into a malicious Windows executable. It takes advantage of PowerShell frameworks to deploy fileless techniques that hide the malware to such an extent that it went undetected by a number of security products. GhostMiner spreads by seeking out WebLogic servers to attack, which researchers suggest it does by randomly probing IP addresses every second in the hope of finding a target. To maximize its chances of success, GhostMiner works to eliminate any other malicious mining tool installed on the system before it begins to acquire Monero for itself.
Read more about the GhostMiner cryptocurrency-mining malware that uses highly aggressive tactics, which researchers have reverse engineered to help provide protection, on ZDNet.