
Kaspersky Discovers New Malware Targeting Corporations

Researchers at Kaspersky Lab have discovered a new form of cryptojacking malware that has targeted corporations in multiple countries.

“The malware, which we dubbed PowerGhost, is capable of stealthily establishing itself in a system and spreading across large corporate networks, infecting both workstations and servers,” the company wrote in a blog post.

The fileless malware remains inconspicuous to the user and undetected by antivirus technologies. Victim machines are infected remotely using exploits or remote administration tools such as Windows Management Instrumentation. Because the malware isn't stored directly on a computer's hard drive, it is harder to detect.

Once installed, it mines an undisclosed cryptocurrency. Cryptocurrency mining has become one of the most popular ways for cybercriminals to make money, surpassing ransomware.

“PowerGhost raises new concerns about crypto-mining software. The miner we examined indicates that targeting consumers is not enough for cybercriminals anymore – threat actors are now turning their attention to enterprises, too. Cryptocurrency mining is set to become a huge threat to the business community,” said David Emm, principal security researcher at Kaspersky Lab, according to ZDNet.

So far, PowerGhost is reportedly seen most often on corporate networks in India, Brazil, Colombia and Turkey. It has also been detected in Europe and North America.

Another factor that makes PowerGhost so dangerous: it is an obfuscated PowerShell script that contains shellcode for deploying the EternalBlue exploit to spread across the network. EternalBlue is the leaked NSA hacking tool that went on to power the WannaCry and NotPetya attacks.

Researchers note that one version of PowerGhost can also be used for conducting DDoS attacks, which could give the malware's creators an additional source of income.


