REF4578 Campaign Unleashes the Highly Modular GhostEngine Malware

Summary:

A crypto mining campaign, codenamed ‘REF4578,’ has been discovered deploying a malicious payload named GhostEngine. This payload exploits vulnerable drivers to disable security products and then deploys an XMRig miner. The campaign is notable for its complexity, which ensures both the installation and persistence of the XMRig miner.

Threat Level – Amber | Attack Report
