
Minerva to Stop the Run of GhostMiner that is Solely Trying to Mine Monero


In 2018, cybercriminals are relying on malicious cryptocurrency miners that use advanced exploit kits to make money online. The WaterMiner case in late 2017 became quite well known. Companies responded by upgrading their detection capabilities. However, as observed in the past, cybercriminals always remain a step ahead of the security vendors.

Recently, Minerva's research team detected new malware called GhostMiner that is 'killing' existing miners to become the sole miner of Monero (XMR). This way GhostMiner was earning more XMR and depriving other miners. The team dissected GhostMiner after Minerva had blocked the mining malware from entering a customer site. Such malware, as described by the Minerva team, uses advanced fileless techniques to mine cryptocurrencies, so it is becoming increasingly difficult to identify. However, Minerva Labs has succeeded in saving the Monero miners by turning the tables on GhostMiner and using its scripts to remove it.

How GhostMiner Affected Monero

  • Using Advanced Fileless Techniques

The core activity of the GhostMiner mining malware was carried out by a compiled malicious Windows executable. PowerShell evasion frameworks like Invoke-ReflectivePEInjection and Out-CompressedDll let the executable hide from detection agents, using fileless techniques to mask the presence of GhostMiner. ps1, a PowerShell script, had the role of infecting new victims, while another PowerShell script (WM164.ps1 on x64 machines) was charged with mining Monero (XMR).

The path taken by GhostMiner bypassed many security detectors, and some of the analyzed payloads remained fully undetected. However, the same security vendors detected the malware once the fileless technique was removed. Minerva's Memory Injection Prevention prevented the malware from carrying out a fileless attack. Thus, the malware did not spread and can no longer mine Monero (XMR) or any other cryptocurrency.

  • GhostMiner Targeting New Victims

Neutrino.ps1 searched out and attacked servers that run MSSQL, phpMyAdmin, and Oracle's WebLogic. The attack mainly focused on WebLogic servers, so it randomly probed IP addresses and created multiple TCP connections. The core component of this attack communicated with its C2 server over HTTP, with requests and answers encoded in Base64. The indicators Minerva used to detect the malware show that GhostMiner crafted its malicious HTTP requests to blend in at companies with Chinese-speaking users. Not all the techniques used by GhostMiner are new, but it is the first time that a malware has used all of them together. Minerva's research shows that the operators of GhostMiner put a lot of effort into assembling their code. The attack launched on the Monero miners is a clear warning for security vendors.

Minerva’s Fight Against the Malevolent Crypto-Jacking Software

GhostMiner started its Monero mining operations only after it had eliminated all the competing miners it detected. Minerva's research team analyzed the techniques that the malware deployed. The script that turned the tables on the mining malware was named MinerKiller.

  • PowerShell's “Stop-Process -Force” command was used to eliminate the running Monero miners, which were detected using a hard-coded blacklist.
  • The extension exe was used to stop and remove blacklisted miner services.
  • The research team eradicated miners that run by the task name using exe as blacklisted scheduled tasks.
  • Command-line arguments were interpreted, analyzed and then used to stop and eliminate the miners.
  • Another strategy employed by Minerva was to go through the list of established TCP connections and identify the ports linked with the miners. The data were collected using

Conclusion

According to the Minerva team, one way for security vendors to fight mining malware like GhostMiner is to write their own PowerShell scripts. Such scripts help identify unfamiliar tasks, services, and processes by their arguments and TCP connections. These features will hopefully ward off cybercriminals' attempts to mine cryptocurrencies.
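
A report-only hunting script of the kind the conclusion describes, covering the four sources listed above: processes by command line, services, scheduled tasks, and established TCP connections. It is an added example, not Minerva's MinerKiller or GhostMiner's code; the argument patterns and ports are constructed placeholders, and `New-Finding` is a hypothetical helper.

```powershell
# Added example: lists miner-like activity for review. Nothing is stopped or deleted.
# Patterns and ports are constructed placeholders, not GhostMiner's blacklist.
$ArgPatterns = 'stratum\+tcp://', '--donate-level', 'cryptonight'
$MinerPorts  = 3333, 5555, 7777
$ArgRegex    = $ArgPatterns -join '|'

# Hypothetical helper: one uniform record per hit, whatever the source.
function New-Finding($Source, $Name, $Detail) {
    [pscustomobject]@{ Source = $Source; Name = $Name; Detail = $Detail }
}

$findings = @()

# 1. Processes, matched on their full command line
$procs = @(Get-CimInstance Win32_Process)
$findings += @($procs | Where-Object { $_.CommandLine -match $ArgRegex } |
    ForEach-Object { New-Finding 'Process' "$($_.Name) [$($_.ProcessId)]" $_.CommandLine })

# 2. Services, matched on the binary path and its arguments
$findings += @(Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -match $ArgRegex } |
    ForEach-Object { New-Finding 'Service' $_.Name $_.PathName })

# 3. Scheduled tasks, matched on each action's executable and arguments
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments)"
        if ($cmd -match $ArgRegex) {
            $findings += New-Finding 'ScheduledTask' "$($task.TaskPath)$($task.TaskName)" $cmd
        }
    }
}

# 4. Established TCP connections to the listed ports, mapped back to the owning process
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }
$findings += @(Get-NetTCPConnection -State Established |
    Where-Object { $MinerPorts -contains $_.RemotePort } |
    ForEach-Object {
        $owner  = $byPid[[int]$_.OwningProcess]   # may be empty if the process has exited
        $remote = "$($_.RemoteAddress):$($_.RemotePort)"
        New-Finding 'TcpConnection' "$($owner.Name) [$($_.OwningProcess)]" $remote
    })

$findings | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so the command lines of other users' processes are visible; a hit is a lead to investigate, since legitimate software can also use these ports.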

