GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack

2 months ago [email protected] (The Hacker News)
GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack


Cybersecurity researchers have discovered a new cryptojacking campaign that employs vulnerable drivers to disable known security solutions (EDRs) and thwart detection in what’s called a Bring Your Own Vulnerable Driver (BYOVD) attack.
Elastic Security Labs is tracking the campaign under the name REF4578 and the primary payload as GHOSTENGINE. Previous research from Chinese

The post “GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack” appeared first on The Hacker News

Source:The Hacker News – [email protected] (The Hacker News)

Tags: ,

More Stories

This AI-Powered Cybercrime Service Bundles Phishing Kits with Malicious Android Apps

16 hours ago [email protected] (The Hacker News)

Offensive AI: The Sine Qua Non of Cybersecurity

18 hours ago [email protected] (The Hacker News)

U.S. DoJ Indicts North Korean Hacker for Ransomware Attacks on Hospitals

20 hours ago [email protected] (The Hacker News)

Ongoing Cyberattack Targets Exposed Selenium Grid Services for Crypto Mining

23 hours ago [email protected] (The Hacker News)

CrowdStrike Warns of New Phishing Scam Targeting German Customers

23 hours ago [email protected] (The Hacker News)

Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk

1 day ago [email protected] (The Hacker News)