Crypto-Mining, Banking Trojans Top Malware Threats

By: Kacy Zurkus

Crypto-mining malware has again topped the threat index, with Coinhive holding strong in the number one malware threat for the 13th consecutive month, according to the latest Global Threat Index for December 2018, published by Check Point.

The threat index looks at the most common active malware variants and trends as cyber criminals evolve toward crypto-mining and multipurpose malware.

A second-stage downloader, SmokeLoader, first identified back in 2011, jumped to ninth place on the December top-10 list. “After a surge of activity in the Ukraine and Japan, its global impact grew by 20. SmokeLoader is mainly used to load other malware, such as Trickbot Banker, AZORult Infostealer and Panda Banker,” according to a press release.

“December’s report saw SmokeLoader appearing in the top 10 for the first time. Its sudden surge in prevalence reinforces the growing trend towards damaging, multipurpose malware in the Global Threat Index, with the top 10 divided equally between crypto-miners and malware that uses multiple methods to distribute numerous threats,” said Maya Horowitz, threat intelligence and research group manager at Check Point.

“The diversity of the malware in the Index means that it is critical that enterprises employ a multilayered cybersecurity strategy that protects against both established malware families and brand new threats.”

More: https://www.infosecurity-magazine.com/news/crypto-mining-banking-trojans-top/

Password and credit card-stealing Azorult malware adds new tricks

By: Danny Palmer


Malware can now steal more types of cryptocurrency and comes with other updates, likely in response to a free version being leaked online.

A form of password, credit card details and cryptocurrency-stealing malware has been updated, making it even more potent for cyber criminals.

The Azorult malware has been operating since 2016 and enables crooks to steal credentials including passwords, credit card details, browser histories and contents of cryptocurrency wallets from victims.

Now a new version of it is being advertised in an underground forum, as uncovered by researchers at tech security company Check Point, who describe it as “substantially updated”.

New features include the ability to steal additional forms of cryptocurrency from the wallets of victims – BitcoinGold, electrumG, btcprivate (electrum-btcp), bitcore and Exodus Eden.

Reflecting the fast pace of malware development, the developer of Azorult also boasts of improvements to the cryptocurrency wallet stealer components and to the loader.

Researchers also note some behind-the-scenes changes compared to previous versions of the malware, including a new encryption method to obfuscate the domain name, as well as a new key for connecting to the command and control server.

More: https://www.zdnet.com/article/password-and-credit-card-stealing-azorult-malware-adds-new-tricks/

iPhone a Growing Target of Crypto-Mining Attacks

By: Kacy Zurkus

Apple has increasingly been the target of crypto-mining attacks, and according to Check Point, iPhone attacks increased by nearly 400% over the last two weeks in September.

In its most recently published Global Threat Index, Check Point researchers said they are continuing to investigate the reasons behind this sharp increase but reported that crypto-miners continued to be the most common malware in September 2018. Coinhive continued to hold the number-one position, which it has occupied since December 2017.

While Coinhive currently impacts 19% of global organizations, researchers also reported that the information-stealing Trojan Dorkbot held onto second place with a 7% global impact. The report also noted a significant increase in Coinhive attacks against PCs. Attackers used the Coinhive mining malware to target iPhones, which aligned with a rise in attacks against users of the Safari browser, the primary browser used by Apple devices.

The mining malware that rivals Coinhive, known as Cryptoloot, ranked third place overall on the Threat Index, making it the second-most prevalent crypto-miner in the index. Differentiating itself from Coinhive, Cryptoloot requests a smaller revenue percentage from websites than its top competitor.

“Crypto-mining continues to be the dominant threat facing organizations globally,” Maya Horowitz, threat intelligence group manager at Check Point, said in a press release. “What is most interesting is the fourfold increase in attacks against iPhones and against devices using the Safari browser during the last two weeks of September. These attacks against Apple devices are not using new functionality, so we are continuing to investigate the possible reasons behind this development.”

More: https://www.infosecurity-magazine.com/news/iphone-a-growing-target-of/

What is cryptojacking? How to prevent, detect, and recover from it

By: Michael Kan

Criminals are using ransomware-like tactics and poisoned websites to get your employees’ computers to mine cryptocurrencies. Here’s what you can do to stop it.

Cryptojacking is the unauthorized use of someone else’s computer to mine cryptocurrency. Hackers do this by either getting the victim to click on a malicious link in an email that loads crypto mining code on the computer, or by infecting a website or online ad with JavaScript code that auto-executes once loaded in the victim’s browser.

Either way, the crypto mining code then works in the background as unsuspecting victims use their computers normally. The only sign they might notice is slower performance or lags in execution.
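As an added illustration of the injected-JavaScript variant described above (example code written for this digest, not from the article or any of the vendors it cites), the following Python scanner flags script tags that load or start a browser miner. The Coinhive library path, the CoinHive.Anonymous constructor and the Cryptoloot domain are the names those services used while live and are assumptions here; the sample HTML and the site-key placeholder are constructed.

```python
"""Flag <script> tags that load or start an in-browser miner such as Coinhive.
Added example for this digest, not code from the article. Coinhive's library URL
and CoinHive.Anonymous constructor are the names it documented while live
(assumed unchanged in injected pages); the sample HTML is constructed."""
import re
from html.parser import HTMLParser

# External script sources for the two miners named in the digest (assumed domains).
MINER_SRC_PATTERNS = [
    re.compile(r"coinhive\.com/lib/coinhive\.min\.js", re.I),
    re.compile(r"crypto-?loot\.com/", re.I),
]
# Inline code that instantiates the Coinhive miner object.
MINER_INLINE_PATTERNS = [re.compile(r"new\s+CoinHive\.(Anonymous|User)\s*\(")]

class MinerScriptScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []       # (kind, evidence) per suspicious script
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        self._in_script = True
        src = dict(attrs).get("src") or ""
        if any(p.search(src) for p in MINER_SRC_PATTERNS):
            self.findings.append(("external", src))

    def handle_data(self, data):
        # HTMLParser delivers script bodies to handle_data as raw text.
        if self._in_script and any(p.search(data) for p in MINER_INLINE_PATTERNS):
            self.findings.append(("inline", " ".join(data.split())[:80]))

    def handle_endtag(self, tag):
        if tag.lower() == "script":
            self._in_script = False

def find_miner_scripts(html):
    scanner = MinerScriptScanner()
    scanner.feed(html)
    return scanner.findings

# Constructed sample: one legitimate script plus an injected miner loader.
INFECTED_PAGE = """<html><head>
<script src="https://cdn.example.net/app.js"></script>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER'); m.start();</script>
</head><body><p>article text</p></body></html>"""
CLEAN_PAGE = '<html><head><script src="/app.js"></script></head><body>ok</body></html>'
```

Signature matching like this is a first pass over saved pages or proxy captures; sustained CPU use in the browser is the complementary signal when the loader is obfuscated or self-hosted.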

Why cryptojacking is on the rise

No one knows for certain how much cryptocurrency is mined through cryptojacking, but there’s no question that the practice is rampant. Browser-based cryptojacking is growing fast. Last November, Adguard reported a 31 percent growth rate for in-browser cryptojacking. Its research found 33,000 websites running crypto mining scripts. Adguard estimated that those sites had a billion combined monthly visitors.

This February, Bad Packets Report found 34,474 sites running Coinhive, the most popular JavaScript miner, which is also used for legitimate crypto mining activity. In July, Check Point Software Technologies reported that four of the top ten malware variants it has found are crypto miners, including the top two: Coinhive and Cryptoloot.

“Crypto mining is in its infancy. There’s a lot of room for growth and evolution,” says Marc Laliberte, threat analyst at network security solutions provider WatchGuard Technologies. He notes that Coinhive is easy to deploy and generated $300 thousand in its first month. “It’s grown quite a bit since then. It’s really easy money.”

In January, researchers discovered the Smominru crypto mining botnet, which infected more than a half-million machines, mostly in Russia, India, and Taiwan. The botnet targeted Windows servers to mine Monero, and cybersecurity firm Proofpoint estimated that it had generated as much as $3.6 million in value as of the end of January.