Crypto Miners Dominate Top 10 List of Most Prolific Malware Threats

Published at: May 16, 2019

A global threat report has concluded that the three most common malware variants detected in April were crypto miners, according to a news release on May 14.

Check Point Research said Cryptoloot, malware that uses the victim’s computing power to mine for crypto without their knowledge, was last month’s biggest threat. XMRig, open-source software which is used for mining monero (XMR), was in second place. Rounding off the top three was JSEcoin, a JavaScript miner embedded in websites.

Despite their prevalence, the company’s researchers believe that criminals are shifting their focus away from crypto mining. Several popular services used to target unsuspecting computer users, such as Coinhive, have closed. In addition, the collapse in crypto prices at the start of the year meant other strategies were more lucrative.

According to Check Point, multi-purpose trojans are on the rise — with its experts warning this is concerning because of how they steal private data and target databases and backup servers with ransomware demanding up to $1 million.

Maya Horowitz, the company’s threat intelligence and research director, said:

“As these malware constantly morph, it is crucial to have a robust line of defense against them with advanced threat prevention.”

Last month, American software company Symantec detected a spike in a new crypto mining malware, Beapy, that targets enterprises. Beapy is reportedly spread through malicious emails, and according to researchers, its file-based approach to cryptojacking is considerably more profitable for hackers than browser-based tools.

Also in April, two Romanian cybercriminals were convicted in the United States of spreading malware to steal credit card details and illicitly mine crypto.

Tags
Related Posts
Botnet Exploits SQL Servers to Install Crypto Mining App
Recent reports revealed that a group of hackers behind the Kingminer botnet targeted vulnerable Microsoft SQL server databases to mine cryptocurrencies at some point in the second week of June. According to the cybersecurity firm Sophos, the attackers used the botnet, active since 2018, to exploit the BlueKeep and EternalBlue vulnerabilities, by also accessing through a trojan known as Gh0st, which relies on a remote access malware. Once the SQL server database is infected, the botnet installs a well-known crypto miner software called XMRig, which mines Monero (XMR). There are no details as of press time regarding how many systems …
Altcoin / June 10, 2020
Interpol Collaborates With Cybersecurity Firm to Tackle Cryptojacking
Interpol has collaborated with cybersecurity firm Trend Micro to reduce cryptojacking affecting MikroTik routers across South-East Asia, according to a Jan. 8 press release. Though the collaboration reduced the number of affected devices by 78 percent, this is unlikely to have made a significant impact on mining hashrate. Cryptojacking is a malicious practice where attackers infect common devices with crypto mining malware, utilizing the victim’s resources to mine cryptocurrency. Cybersecurity firm Trend Micro collaborated with Interpol’s Global Complex for Innovation, based in Singapore, to sanitize MikroTik routers infected with mining malware. As part of the “Operation Goldfish Alpha,” Trend Micro …
Altcoin / Jan. 9, 2020
Sophisticated Mining Botnet Identified After 2 Years
Cybersecurity firm, Guardicore Labs, revealed the identification of a malicious crypto-mining botnet that has been operating for nearly two years on April 1. The threat actor, dubbed ‘Vollgar’ based on its mining of the little-known altcoin, Vollar (VSD), targets Windows machines running MS-SQL servers — of which Guardicore estimates there are just 500,000 in existence worldwide. However, despite their scarcity, MS-SQL servers offer sizable processing power in addition to typically storing valuable information such as usernames, passwords, and credit card details. Sophisticated crypto-mining malware network identified Once a server is infected, Vollgar “diligently and thoroughly kills other threat actors’ processes,” …
Altcoin / April 5, 2020
Researchers Find Monero Mining Malware That Hides From Task Manager
Cybersecurity company Varonis has discovered a new cryptojacking virus, dubbed “Norman,” that aims to mine the cryptocurrency Monero (XMR) and evade detection. Varonis published a report about Norman on Aug.14. According to the report, Varonis found Norman as one of many cryptojacking viruses deployed in an attack that infected machines at a mid-size company. Hackers and cybercriminals deploy cryptojacking hardware to use the computing power of unsuspecting users’ machines to mine cryptocurrencies like the privacy oriented coin Monero. Norman in particular is a crypto miner based on XMRig, which is described in the report as a high-performance miner for Monero …
Altcoin / Aug. 14, 2019
Trend Micro Detects Major Uptick in New Strain of XMR Malware Targeting China-Based Systems
Cybersecurity firm Trend Micro has detected a major uptick in monero (XMR) cryptojacking malware targeting China-based systems this spring. The news was revealed in an official Trend Micro announcement on June 5. As previously reported, cryptojacking is an industry term for stealth crypto mining attacks that work by installing malware that uses a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge. The XMR-focused malware — which wields malicious PowerShell scripts for illicit mining activities on Microsoft-based systems — reportedly surged against Chinese targets in mid-May. Hitting a peak on May 22, the wave of cryptojacking …
Altcoin / June 6, 2019