GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack
1 min read![](https://askcybersteve.com/wp-content/uploads/2024/05/crypto-malware-9IMy0K.png)
Cybersecurity researchers have discovered a new cryptojacking campaign that employs vulnerable drivers to disable known security solutions (EDRs) and thwart detection in what’s called a Bring Your Own Vulnerable Driver (BYOVD) attack.
Elastic Security Labs is tracking the campaign under the name REF4578 and the primary payload as GHOSTENGINE. Previous research from Chinese