According to recent reports, cryptomining malware is the fastest-growing category of malware around the globe. In an analysis released by cybersecurity vendor Check Point, a ranking of the internet's most common malicious software reveals the Monero-mining script CoinHive, the open-source Monero-mining software XMRig, and the browser-embeddable cryptocurrency miner JSECoin as the three most active threats worldwide. In fact, five of the top 10 most prevalent malware samples in Check Point's summary were cryptominers.
This is the thirteenth month in a row that cryptomining malware has topped the list of most hazardous malware. CoinHive has been the most prevalent, with the sample reported to be impacting 12% of organizations worldwide in Check Point's report. This suggests that organizations around the world are not likely to see a drop in cryptomining attacks anytime soon.
Such malware is usually very stealthy, and users have no knowledge of being infected until their system's hardware performance drops significantly. For the same reasons, cryptomining tools on higher-end enterprise servers and endpoint systems can also be hard to detect.
“The main advantage of cryptomining malware for the attacker is its ability to create direct profit without any user interaction and elaborate mechanisms such as in the cases of ransomware and banking Trojans,” says Omer Dembinsky of Check Point. Dembinsky is the data research team leader at the firm. “It works in the background on personal computers, mobile phones, servers, and any machine with computing power and hence anyone and everyone is a potential target,” he adds.
Cryptojacking, the term used for hacking into one's system to mine for cryptocurrencies, is so lucrative with CoinHive that academics from Germany's RWTH Aachen University determined that the script was generating around $250,000 every month.
Cryptomining tools give attackers access to high-end servers with lots of processing power for cryptomining. Dembinsky says that organizations should apply the most recent updates and patches to their systems so that they are not susceptible to attacks through known vulnerabilities.
Apart from cryptomining malware, others that have made the list include SmokeLoader, a malware downloader that attackers have previously used to distribute very destructive malware tools, such as the Trickbot and Panda banking Trojans and the AZORult information-stealer. Then there is Emotet, a Trojan that is being used for malware distribution, and Ramnit, a banking Trojan that regularly finds itself on the list.