Trend Micro researchers Arianne Dela Cruz, Jay Nebre, and Augusto Remillano identified attackers using the technique in Kuwait, India, Thailand, Brazil, Bangladesh, the United Arab Emirates and Pakistan. “A file landing on a target system acts as both a malware dropper and container, but is not, in itself, malicious. Known as process hollowing, the file contains the main executable and cryptocurrency mining software, rendering them inactive, in order to bypass protective checks” before being triggered by certain command line arguments, according to the article.