The attribution of a cyber-attack is a key question in this debate about nuclear responses. It is extremely difficult to pinpoint the source of a tech invasion, as complex coding techniques mean users are able to retain online anonymity.
Cryptocurrency miners basically do what they do with little fanfare or attempts at obfuscation, but one group of miners has been seen using a technique that allows the malware to make injections to 64-bit processes from 32-bit loaders.
Julia Sowells explains how the BitPaymer malware initially executes itself, makes a copy of itself and runs in two ADS. It hides in empty files; deletes its older executable file and transfers control of the malware to the newly created files.