
GhostMiner: Cryptomining Malware Goes Fileless - ckdiii
https://blog.minerva-labs.com/ghostminer-cryptomining-malware-goes-fileless
======
ycmbntrthrwaway
Just an antivirus advertisement.

Nothing new, a powershell script which runs an XMRig and removes the binary
and itself.

------
kerng
Wouldn't any decent AV product catch this anyway? I mean Invoke-
ReflectivePEInjection commandlet is from Powersploit and it's been around for
like for 4-5 years if I'm not mistaken.

