GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack
GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack
22 May 2024
Cybersecurity researchers have discovered a new cryptojacking campaign that employs vulnerable drivers to disable known security solutions (EDRs) and thwart detection in what's called a Bring Your Own Vulnerable Driver (BYOVD) attack.
Elastic Security Labs is tracking the campaign under the name REF4578 and the primary payload as GHOSTENGINE. Previous research from Chinese