The reviewed record of science sign in
Pith

arxiv: 2401.07995 · v2 · pith:36SHMC57 · submitted 2024-01-15 · cs.CR

The Pulse of Fileless Cryptojacking Attacks: Malicious PowerShell Scripts

Reviewed by Pithpith:36SHMC57open to challenge →

classification cs.CR
keywords attacksfilelessscriptscryptojackingmaliciouspowershellexecutionvictim
0
0 comments X
read the original abstract

Fileless malware predominantly relies on PowerShell scripts, leveraging the native capabilities of Windows systems to execute stealthy attacks that leave no traces on the victim's system. The effectiveness of the fileless method lies in its ability to remain operational on victim endpoints through memory execution, even if the attacks are detected, and the original malicious scripts are removed. Threat actors have increasingly utilized this technique, particularly since 2017, to conduct cryptojacking attacks. With the emergence of new Remote Code Execution (RCE) vulnerabilities in ubiquitous libraries, widespread cryptocurrency mining attacks have become prevalent, often employing fileless techniques. This paper provides a comprehensive analysis of PowerShell scripts of fileless cryptojacking, dissecting the common malicious patterns based on the MITRE ATT&CK framework.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.