REF4578 Campaign Unleashes the Highly Modular GhostEngine Malware

Threat Level – Amber | Vulnerability Report
A crypto-mining campaign, codenamed ‘REF4578,’ has been discovered deploying a malicious payload named GhostEngine. This payload exploits vulnerable drivers to disable security products and deploy an XMRig miner. The campaign is notable for its complexity, which ensures both the installation and persistence of the XMRig miner.
