Novel cryptomining attacks deploying the GhostEngine payload to deactivate endpoint detection and response systems and distribute the XMRig miner through vulnerable kernel driver exploitation were described in separate reports from Elastic Security Labs and Antiy, according to BleepingComputer.