Crypto Mining Malware up Over 4,000% in 2018, Says McAfee Report

Published at: Dec. 20, 2018

Cryptojacking malware activity rose by over 4000 percent in 2018, according to a new quarterly report published by cyber security firm McAfee Labs, Dec. 18.

Cryptojacking is the practice of using a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge. The McAfee statistic of over 4000 percent specifically refers to total instances of cryptojacking malware, referred to in the study as “coin miner.”

The report extends to a range of new crypto mining malware threat vectors, which notably include a spike in new malware targeting Internet of Things (IoT) devices:

“New [mining] malware targeting IoT devices grew 72%, with total malware growing 203% in the last four quarters. New coinmining malware grew nearly 55%, with total malware growing 4,467% in the last four quarters.”

As the report notes, the rise in IoT-targeting threats is somewhat surprising, given the low CPU processing power of the devices. Yet, the report continues, “cybercriminals have taken notice of the growing volume and lax security of many IoT devices and have begun to focus on them, harnessing thousands of devices to create a mining super-computer.”

Remco Verhoef, a security researcher at McAfee, also outlined the workings of a macOS crypto mining malware threat, later dubbed OSX.Dummy, which was distributed on mining chat groups. The threat actor reportedly suggested to users on Slack, Telegram and Discord channels that they download software “to fix crypto problems.” This software, which is in fact fake, then “executes with a single line in Bash”:

“The users essentially infected their own devices instead of falling victim to an unknown exploit or an exploit kit. In execution, OSX.Dummy opens a reverse shell on a malicious server, giving an attacker access to the compromised system.”

An earlier report from McAfee Labs had already indicated that cryptojacking rose by a staggering 629 percent in the first quarter of 2018 alone. This month, research from cyber security research firm Kaspersky Lab revealed that cryptojacking has overtaken ransomware as the top cybersecurity threat in some parts of the world.
