Ransomware is so 2017, it's all cryptomining now among the script kiddies

Plus: Hackers take crack at cloud, phones come pre-pwned, malware's going multi-plat

The number of organisations affected by cryptomining malware in the first half of 2018 ramped up to 42 per cent, compared to 20.5 per cent in the second half of 2017, according to a new report from Check Point.

The top three most common malware variants seen in the first half of 2018 were all cryptominers: Coinhive (25 per cent); Cryptoloot (18 per cent); and JSEcoin (14 per cent). All three perform online mining of cryptocurrency – often without a user's knowledge, much less consent – when a surfer visits a web page that harbours cryptomining code.

Locky was the leading ransomware variant hitting organisations globally in the first six months of 2018, ahead of WannaCry and Globeimposter. Locky spreads mainly via spam emails containing a downloader, disguised as a Word or Zip attachment. WannaCry used a Windows SMB exploit called EternalBlue to spread while Globeimposter is distributed by spam campaigns, malvertising and exploit kits.

Cloud infrastructures appeared to be a growing target among hackers during the first six months of this year. Check Point further noted an increase in the number of malware variants targeting multiple platforms (mobile, cloud, desktop etc).

"Up until the end of 2017, multi-platform malware was witnessed in only a handful of occasions," the security researchers said, "but, as predicted, the rise in the number of consumer-connected devices and the growing market share of operating systems which are not Windows has led to an increase in cross-platform malware. Campaign operators implement various techniques in order to take control over the campaigns' different infected platforms."

There were several incidences of mobile malware that originated from the supply chain. Infected devices are being sold to consumers so that new Android smartphones come pre-pwned with malicious code. Mobile malware is increasingly disguised as genuine applications on app stores. These nasties include banking trojans, adware and sophisticated remote access trojans (RATs), Check Point added.

Check Point's Cyber Attack Trends: 2018 Mid-Year Report is based on threat data collected between January and June 2018. ®

Updated to add

Matthew Vallis, chief strategy officer for JSEcoin, has been in touch to say the aforementioned mining software is not malicious, although we note antivirus and browser-blocker makers tend to label it as malware.

"JSEcoin is an opt-in-only ethically run system, which uses excess resources," Vallis told us. "The concept is to improve the user experience by allowing a webmaster to run a script instead of annoying adverts.

"The script uses less CPU than a typical advert. We are run ethically, and comparisons to malware such as Coinhive are totally incorrect."
