Crypto-miners are becoming alarmingly widespread. In fact, a new, more sophisticated miner was recently discovered. The miner, named GhostMiner, uses advanced techniques borrowed from the malware world.
For example, it uses the Windows built-in PowerShell framework to run in file-less mode. This is a common practice among malware, allowing it to run entirely from memory and leave no trace on the file system. As a result, GhostMiner is less susceptible to detection by conventional anti-malware solutions. Furthermore, GhostMiner attempts to spread across the environment: it scans random IP addresses, looking for servers running MSSQL, Oracle WebLogic and phpMyAdmin to attack.
GhostMiner also uses a hard-coded blacklist to hunt down and kill competing miners on the victim machine. Though this kind of behaviour has been observed before and is not entirely new, it gives us a closer look at the author's nefarious intentions.
The good news is that SentinelOne protects against GhostMiner. With its unique machine learning techniques, SentinelOne technology detects the miner's behavioural patterns and prevents it from running.
The SentinelOne agent detects the lateral movement and the use of file-less, PowerShell-based malware, as shown in the SentinelOne console. It then mitigates the threat by killing the malicious process. All of this is done in a few milliseconds.
Altiatech is a trusted SentinelOne partner. To find out more about SentinelOne, please contact innovate@altiatech.com