Crypto-mining malware has again topped the threat index, with Coinhive holding the number one malware threat position for the 13th consecutive month, according to the latest Global Threat Index for December 2018, published by Check Point.
The threat index looks at the most common active malware variants and trends as cyber criminals evolve toward crypto-mining and multipurpose malware.
A second-stage downloader, SmokeLoader, first identified back in 2011, jumped to ninth place on the December top-10 list. “After a surge of activity in the Ukraine and Japan, its global impact grew by 20. SmokeLoader is mainly used to load other malware, such as Trickbot Banker, AZORult Infostealer and Panda Banker,” according to a press release.
“December’s report saw SmokeLoader appearing in the top 10 for the first time. Its sudden surge in prevalence reinforces the growing trend towards damaging, multipurpose malware in the Global Threat Index, with the top 10 divided equally between crypto-miners and malware that uses multiple methods to distribute numerous threats,” said Maya Horowitz, threat intelligence and research group manager at Check Point.
“The diversity of the malware in the Index means that it is critical that enterprises employ a multilayered cybersecurity strategy that protects against both established malware families and brand new threats.”
While the value of many cryptocurrencies has recently dropped off from their record highs, they still have strong appeal to cybercriminals.
The prospect of using thousands of devices to mine the likes of Monero is too tempting to ignore, so there has been a massive spike in malware that uses unwitting victims' CPUs to generate money with little to no effort for the criminals and little obvious evidence of foul play to the user.
While on the surface it may seem that criminals could be doing far worse than mining cryptocurrency on your infrastructure, there can be serious consequences if you find such an infection.
The rise and fall of browser-based mining
Last year cryptocurrency mining service CoinHive released code that would allow websites to generate revenue by using the CPU of the website visitors through cryptomining. This quickly led to a new trend in malware, where hackers inject legitimate websites with mining code.
One report puts the number of websites infected with cryptojacking malware at around 35,000. A notable case was the thousands of government websites, including the UK Information Commissioner’s Office (ICO), National Health Service (NHS) Scotland, and the government portal of Queensland, Australia, that were found to be hosting mining code. A Cisco Talos report estimates a single mining campaign could earn just under $1.2 million over the course of a year.
However, while browser-based cryptomining has proven lucrative for criminals, the boom has been short-lived. Various tools have since been released – built-in browser features, extensions, or features within security products – which block unauthorized crypto-mining, thus reducing the amount of money hackers can raise. This has pushed criminals to search for new targets.