This devious malware can turn off your security protection without you even realizing — and then download a load of cryptominers

After terminating the AVs, REF4578 downloads cryptominers

May 22, 2024 · 1 min · 68 words · Samantha Anderson

Table of Contents

When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.

Once that’s done, themalwaredrops XMRig, one of the most popular cryptocurrency miners out there.

This file drops a powerShell script called GhostEngine which, in turn, runs a number of different activities.

Antivirus software

GhostEngine can also disable Windows Defender, enable remote services, and clear different Windows event logs.

ViaBleepingComputer

More from TechRadar Pro#