"GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack"

A new cryptojacking campaign uses vulnerable drivers to disable Endpoint Detection and Response (EDR) solutions and evade detection, a technique known as Bring Your Own Vulnerable Driver (BYOVD). Elastic Security Labs tracks the campaign's primary payload as "GHOSTENGINE." Earlier research by the cybersecurity firm Antiy Labs called the same activity "HIDDEN SHOVEL." The article discusses further findings on the GHOSTENGINE cryptojacking attacks.

THN reports "GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack"

Submitted by grigby1