Recently found malware uses advanced techniques to defeat antivirus safeguards, delete signs of infection, and permanently infect devices with cryptocurrency-mining software, experts said.
“The first goal of the GhostEngine malware is to disable endpoint security solutions and specific Windows event logs, such as Security and System logs, which record process creation and service registration,” said Elastic Security Labs researchers, who found the attacks.
The Anatomy of GhostEngine
- Targeting Endpoint Security Solutions: GhostEngine specifically aims at endpoint security solutions, which include antivirus software, intrusion detection systems, and endpoint detection and response (EDR) tools. By disabling these defenses, the attackers gain a foothold within the victim’s system.
- Driver Exploitation: The attack exploits vulnerable drivers from popular security software providers, such as Avast and IOBit. These drivers are essential for communication between the operating system and hardware components. GhostEngine manipulates them to gain access to the kernel, a privileged area of the system.
- Silent Disabling of EDR: Once inside, GhostEngine silently disables the EDR system. This step is crucial because EDR tools monitor system
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.This article has been indexed from CySecurity News – Latest Information Security and Hacking IncidentsRead the original article: