Novel EDR-Killing ‘GhostEngine’ Malware Is Built for Stealth

May 22, 2024 at 10:20AM

A new malware named GhostEngine has been identified, targeting vulnerable drivers to disable endpoint detection and response solutions. It is used in a complex cryptomining campaign by an intrusion set labeled “REF4578.” The malware’s intricate features include disabling EDR, establishing persistence, installing a backdoor, and executing a cryptominer. Detection methods …

GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack

May 22, 2024 at 05:47AM

Cybersecurity researchers have identified a new cryptojacking campaign, known as REF4578 or HIDDEN SHOVEL, using a Bring Your Own Vulnerable Driver (BYOVD) attack to disable security solutions. The campaign employs an intricate method involving PowerShell scripts, scheduled tasks, and various modules to deploy the XMRig miner and evade detection. Additionally, …

GhostEngine mining attacks kill EDR security using vulnerable drivers

May 21, 2024 at 06:34PM

The ‘REF4578’ crypto mining campaign deploys GhostEngine, a sophisticated malicious payload, using vulnerable drivers to disable security products and deploy an XMRig miner. Researchers highlight GhostEngine’s unusual sophistication and provide detection rules, but the campaign’s origin and scope remain unknown. To defend against GhostEngine, look out for suspicious PowerShell execution, …