Cryptocurrency malware still king of cyber threats
Written by James Orme Tue 15 Jan 2019

Coinhive retains number one spot for 13th month in a row, impacting 12 percent of organisations
Cryptocurrency plundering software remains the most prevalent form of malware identified by security firm Check Point, which warns of a sudden boost in cryptojacking activity.
The firm’s monthly top ten list of prevalent malware threats pinpoints Coinhive as the most distributed form of malware, closely followed by XMRig. Both are cryptominers that covertly perform online mining of Monero cryptocurrency without the user’s knowledge or approval.
In third place is Jsecoin, a JavaScript-based miner that runs directly in browsers, followed by Cryptoloot, which is directly competing with Coinhive by asking for a smaller percentage of revenue from websites.
Even though the overall value of cryptocurrencies dropped in 2018, crypto malware is being increasingly targeted at organisations. In December alone, Coinhive afflicted more than ten percent of organisations worldwide. Cybercriminals can still net sizable crypto-loots by infiltrating many clusters of enterprise computers.
The remaining spaces in the top ten are filled by familiar foes – trojan horses Emotet and Ramnit, and other damaging, multi-purpose malware forms that use multiple methods to distribute a variety of threats.
Despite being active since 2011, Smokeloader enters the top ten for the first time, after a surge of activity from campaigns in Ukraine and Japan in December. The malware is primarily used to load other malware, such as Trickbot Banker, AZORult Infostealer and Panda Banker.
Maya Horowitz, threat intelligence and research group manager at Check Point, said Smokeloader's sudden surge in popularity reinforces ‘the growing trend towards damaging, multi-purpose malware’.
“The diversity of the malware in the index means that it is critical that enterprises employ a multi-layered cybersecurity strategy that protects against both established malware families and brand new threats,” she added.
Check Point also looked at the malware most prevalent on Android devices. Triada, the modular backdoor which grants privileges to downloaded malware, retains top spot, followed by Android ad-clicker Guerilla and Lotoor – a tool that exploits vulnerabilities to gain root privileges on mobile devices.