Kaspersky Lab has revealed the scope and model of the new malware dubbed "PowerGhost". It attacks mainly corporate networks and infects everything from personal trackers to server complexes. But PowerGhost is not interested in the contents of the memory of these systems, the malware only forces them to mine an unknown cryptocurrency, but in truly titanic volumes.
Kaspersky Lab says that the percentage of attacks for installing software for hidden cryptomining in the world has grown by 80% since last year. If 2017 will be remembered as the “year of blockers”, WannaCry and NotPetya, then the current one is characterized by a surge in interest in cryptocurrencies. The cybercriminals were not interested in confidential information, but in the computing power of digital devices.
Perhaps this should be called "cyber parasitism." PowerGhost does not block access to the infected system, but seeks to use the maximum of its resources for its own purposes. It does not control the operation of the PC, but simply spins in its memory, forcing the machine to perform time-consuming tasks and send small amounts of data outside. They are extremely difficult to trace across the corporate network, and the end user often does not realize that his workstation is infected.
The initiator of the attack does not make a direct profit, he does not care about the rate at which the malware spreads and the speed of mining, he does not contact the victim in any way, for lack of a clear definition of such. A simple, safe way of making money, a new faceless threat, which will be very difficult to fight, is predicted by Kaspersky Lab. But every cloud has a silver lining - ordinary users can breathe easy, because their spicy photos and personal accounts are now of little interest to anyone.