A cryptojacking campaign named REF4578, also known as GHOSTENGINE, uses vulnerable drivers to disable EDR agents, ensuring persistence of the XMRig miner. The BYOVD (Bring Your Own Vulnerable Driver) technique leverages a known-vulnerable signed driver to operate stealthily, which highlights the sophistication of such attacks and the threat they pose.
https://thehackernews.com/2024/05/ghostengine-exploits-vulnerable-drivers.html