GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack

May 22, 2024 at 05:47AM

Cybersecurity researchers have identified a new cryptojacking campaign, known as REF4578 or HIDDEN SHOVEL, that uses a Bring Your Own Vulnerable Driver (BYOVD) attack to disable security solutions. The campaign employs an intricate method involving PowerShell scripts, scheduled tasks, and various modules to deploy the XMRig miner and evade detection. Additionally, …