New Cryptojacking Attack Exploits Windows Systems
In a recent development, cybersecurity experts at Darktrace have uncovered a sophisticated cryptojacking campaign targeting Windows users. The threat is crafted to evade Windows Defender, one of the most widely deployed security products.
Darktrace analysts Keanna Grelicha and Tara Gould detailed how the attackers use PowerShell, a tool built for Windows administration, to execute malicious code. By running the scripts entirely in system memory, the attackers avoid detection by conventional antivirus tools that scan files on disk.
To further obscure their actions, the attackers employ AutoIt, a scripting language commonly used for automating Windows tasks. With it they inject a malicious loader into legitimate processes, which then downloads and launches a cryptocurrency miner called NBMiner.
- The campaign specifically targets Windows systems.
- It abuses PowerShell and AutoIt for stealth.
- NBMiner mines cryptocurrency silently using the GPU.
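As an added example, not from Darktrace's report, the following Python walks constructed Sysmon-style process-creation events and flags the chain the article describes: PowerShell running code in memory, an AutoIt stage beneath it, and a miner launched further down the tree. The image names, command lines and the "stratum" pool markers are assumptions chosen for illustration.

```python
# Constructed Sysmon-style process-creation events (not from the Darktrace report).
SAMPLE_EVENTS = [
    {"ProcessId": 100, "ParentProcessId": 1, "Image": r"C:\Windows\explorer.exe",
     "CommandLine": "explorer.exe"},
    {"ProcessId": 204, "ParentProcessId": 100,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -EncodedCommand BASE64_PLACEHOLDER"},
    {"ProcessId": 310, "ParentProcessId": 204, "Image": r"C:\Users\Public\AutoIt3.exe",
     "CommandLine": r"AutoIt3.exe C:\Users\Public\loader.au3"},
    {"ProcessId": 412, "ParentProcessId": 310, "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe"},  # legitimate process the loader was injected into
    {"ProcessId": 520, "ParentProcessId": 412, "Image": r"C:\ProgramData\nbminer.exe",
     "CommandLine": "nbminer.exe -a ethash -o stratum+tcp://pool.example:4444 -u WALLET"},
    {"ProcessId": 600, "ParentProcessId": 100,  # benign admin use of PowerShell
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe Get-Process"},
]

# Markers are assumptions: typical in-memory execution switches and miner pool URL schemes.
PS_INMEMORY = ("-encodedcommand", "-enc ", "invoke-expression", "iex ", "downloadstring")
MINER_MARKERS = ("nbminer", "stratum+tcp://", "stratum+ssl://")

def classify(ev):
    """Tag one event with the campaign stage(s) it resembles."""
    name = ev["Image"].rsplit("\\", 1)[-1].lower()
    cmd = ev["CommandLine"].lower()
    tags = set()
    if name == "powershell.exe" and any(m in cmd for m in PS_INMEMORY):
        tags.add("ps_inmemory")
    if name == "autoit3.exe" or ".au3" in cmd:
        tags.add("autoit")
    if any(m in name or m in cmd for m in MINER_MARKERS):
        tags.add("miner")
    return tags

def find_chains(events):
    """Return PIDs of miner processes whose ancestry has an AutoIt stage below an
    in-memory PowerShell stage; intermediate hosts (the injected process) are allowed."""
    by_pid = {ev["ProcessId"]: ev for ev in events}
    tags = {pid: classify(ev) for pid, ev in by_pid.items()}
    hits = []
    for pid in by_pid:
        if "miner" not in tags[pid]:
            continue
        cur, seen_autoit = by_pid[pid], False
        for _ in range(64):  # depth guard against malformed or cyclic parent links
            if cur["ParentProcessId"] not in by_pid:
                break
            cur = by_pid[cur["ParentProcessId"]]
            if "autoit" in tags[cur["ProcessId"]]:
                seen_autoit = True
            elif seen_autoit and "ps_inmemory" in tags[cur["ProcessId"]]:
                hits.append(pid)
                break
    return hits
```

Single-stage tags from `classify` are worth alerting on their own, but the full chain from `find_chains` is the high-confidence signal; note that the miner sits under notepad.exe, the injected host, not directly under AutoIt.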
The malware checks that Windows Defender is the only security product active before proceeding. It also attempts to gain administrator rights by exploiting weaknesses in User Account Control (UAC).
Darktrace's Autonomous Response technology thwarted the attack by blocking the infected device from connecting to the risky endpoints.
The growing value of cryptocurrency fuels these attacks. Still, users can protect themselves with up-to-date security software and vigilance against suspicious activity.
Earlier, Darktrace highlighted another scheme where cybercriminals masqueraded as legitimate firms to spread crypto-stealing software. This tactic, combining social engineering and malware, impacted both Windows and macOS systems.
