Crypto mining malware remains a critical Internet threat

According to a recent analysis from Check Point, browser-based crypto mining malware remained a critical internet threat. The report, however, shows that it is gradually slowing down.

March 12, 2019 | AtoZ Markets – In February 2019, Coinhive once again led the global threat index for the 15th consecutive month. This was noticed by security research firm, Check Point even having announced that its services would shut down last week, precisely on March 8th 2019, due to the fact that it is no longer economically viable.

Researchers reveal the most wanted malware

Meanwhile, their researchers have discovered several widespread campaigns distributing GandCrab ransomware that have targeted Japan, Germany, Canada and Australia, among several other countries.

As noticed by Check Point, these operations emerged over the last two months, and one of the most recent campaigns has been associated with a new version of the ransomware, GandCrab V5.2.

While this new version includes most of the features of the last, it has a key change in encryption that renders the decryption tool for previous ransomware versions ineffective. According to Maya Horowitz, Check Point’s Threat Intelligence and Research Director:

“As we saw in January, this demonstrates that threat actors continue to exploit distribution methods while creating new and more dangerous versions of existing malware forms.”

Maya also added:

“GandCrab’s new version proves once again that although there are malware families that stay in the top malware list for several months and seems to be static, they actually keep trying to find new methods to evade security products detections. To effectively combat this, our researchers continuously trace them based on their malware family DNA.”

Crypto mining malware fades away slowly

Meanwhile, crypto mining malware continues to dominate in February according to the recent global malware threat index. However, as the prices of cryptocurrencies decline, they are gradually fading away as their profitability declines.

As the report also indicates, the rising cost of mining along with the drop in the price of Monero saw a decline in the value of Coinhive, falling from 18% in October 2018 to 12% in January 2019, and to 10% in March. Moreover, Cryptoloot took the second place in February replacing Emotet, and XMRig, an open-source CPU mining software used for mining Monero.

At the moment, it remains to be seen whether the top position will be taken by another type of crypto mining malware or other malware forms entirely.

Top 3 Most wanted mobile malware in February 2019

While mobile devices are inherently more secure than PCs, they are not immune malware. The top three mobile malware strains all target Android phones.

1. Lotoor – Hack tool that exploits vulnerabilities on the Android operating system in order to gain root privileges on compromised mobile devices.

2. Hiddad – Hiddad uses an innovative technique to break into mobile devices. This Android malware repackages legitimate apps and then upload them to a third-party store, thus, tricking users into downloading them instead of the real app.

3. Triada – Modular Backdoor for Android which grants administrative privileges to downloaded malware, and helps it to get embedded into system processes. Triada has also been seen spoofing URLs loaded in the browser.

Check Point’s researchers also analyzed the most exploited cyber vulnerabilities. CVE-2017-7269 is still leading the top exploited vulnerabilities with 45%.

OpenSSL TLS DTLS Heartbeat Information Disclosure is the second most prevalent vulnerability with a global impact of 40%, followed by Web servers PHPMyAdmin Misconfiguration Code Injection exploit, impacting 34% of organizations worldwide.

Think we missed something? Let us know in the comments section below.

Share Your Opinion, Write a Comment