
Abstract

Conference Title: SoutheastCon 2024

Conference Start Date: 2024, March 15

Conference End Date: 2024, March 24

Conference Location: Atlanta, GA, USA

Fileless malware predominantly relies on PowerShell scripts, leveraging the native capabilities of Windows systems to execute stealthy attacks that leave no traces on the victim's system. The effectiveness of the fileless method lies in its ability to remain operational on victim endpoints through memory execution, even if the attacks are detected and the original malicious scripts are removed. Threat actors have increasingly utilized this technique, particularly since 2017, to conduct cryptojacking attacks. With the emergence of new Remote Code Execution (RCE) vulnerabilities in ubiquitous libraries, widespread cryptocurrency mining attacks have become prevalent, often employing fileless techniques. This paper provides a comprehensive analysis of PowerShell scripts of fileless cryptojacking, dissecting the common malicious patterns based on the MITRE ATT&CK framework.

Details

Title
The Pulse of Fileless Cryptojacking Attacks: Malicious PowerShell Scripts
Author
Varlioglu, Said 1; Elsayed, Nelly 1; Varlioglu, Eva Ruhsar 2; Ozer, Murat 1; ElSayed, Zag 1

School of Information Technology, University of Cincinnati, Cincinnati, Ohio, USA
School of Criminal Justice, University of Cincinnati, Cincinnati, Ohio, USA
Source details
SoutheastCon 2024
Publication year
2024
Publication date
2024
Publisher
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Place of publication
Piscataway
Country of publication
United States
Source type
Conference Paper
Language of publication
English
Document type
Conference Proceedings
Publication history
Online publication date
2024-04-24
First posting date
24 Apr 2024
ProQuest document ID
3044626394
Document URL
https://www.proquest.com/conference-papers-proceedings/pulse-fileless-cryptojacking-attacks-malicious/docview/3044626394/se-2?accountid=208611
Copyright
Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2024
Last updated
2024-10-03
Database
ProQuest One Academic