Cryptomining malware continues to drain enterprise CPU power

Cryptomining malware continues to impact organizations globally as 23% were affected by the Coinhive variant during January 2018, according to Check Point’s latest Global Threat Impact Index.

Researchers discovered three different variants of cryptomining malware in its Top 10 most prevalent ranking, with Coinhive ranking first, impacting more than one-in-five organizations. Coinhive performs online mining of Monero cryptocurrency when a user visits a web page without the user’s approval. The implanted JavaScript then uses the computational resources of the end user’s machines to mine coins, impacting system performance.

“Over the past three months cryptomining malware has steadily become an increasing threat to organizations, as criminals have found it to be a lucrative revenue stream,” said Maya Horowitz, Threat Intelligence Group Manager at Check Point. “It is particularly challenging to protect against, as it is often hidden in websites, enabling hackers to use unsuspecting victims to tap into the huge CPU resource that many enterprises have available. As such, it is critical that organizations have the solutions in place that protect against these stealthy cyber-attacks.”

In addition to cryptominers, researchers also discovered that 21% of organizations have still failed to deal with machines infected with the Fireball malware. Fireball can be used as a full-functioning malware downloader capable of executing any code on victims’ machines. It was first discovered in May 2017, and severely impacted organizations during Summer of 2017.

In January, crypto-mining malware continued to be the most prevalent with Coinhive retaining its most wanted spot impacting 23% of organizations, followed by Fireball in second and Rig Exploit Kit in third impacting 17% of organizations.

January 2018’s top 3 most wanted malware

1. Coinhive – Crypto-Miner designed to perform online mining of Monero cryptocurrency when a user visits a web page without the user’s approval.

2. Fireball – Browser-hijacker that can be turned into a full-functioning malware downloader.

3. Rig ek – Rig delivers Exploits for Flash, Java, Silverlight and Internet Explorer

Lokibot, an Android banking Trojan, was the most popular malware used to attack organizations’ mobile estates followed by the Triada and Hiddad.

January 2018’s top 3 most wanted mobile malware

1. Lokibot – Android banking Trojan and info-stealer, which can also turn into a ransomware that locks the phone.

2. Triada – Modular Backdoor for Android which grants superuser privileges to downloaded malware.

3. Hiddad – Android malware which repackages legitimate apps then releases them to a third-party store.