Check Point Software—a cybersecurity solutions provider—announced that the threat stemming from cryptocurrency mining malware is growing more and more prevalent.
Based on the data from the company’s updated Global Threat Impact Index report, the CoinHive variant was the sixth most-used malware last month.
CoinHive is a JavaScript program that lurks unseen on websites and operates by using the processing power of visitors’ computers to mine monero. CoinHive implants JavaScript, which then uses high levels of the end-users’ CPU, severely impact the machine’s performance.
As of September, RoughTed and Locky were identified as the two most dominant threats.
• RoughTed – a purveyor of ad-blocker aware malvertising responsible for a range of scams, exploits, and malware.. It can be used to attack any type of platform and operating system, and utilizes ad-blocker bypassing and fingerprinting in order to make sure it delivers the most relevant attack.
• Locky – Ransomware that started its distribution in February 2016, and spreads mainly via spam emails containing a downloader disguised as a Word or Zip attachment and then downloads and installs the malware that encrypts the user files.
However, there was a new entry in the top three called the “Seamless traffic redirector” malware. This malware redirects the victim to a malicious web page, and causes infection by an exploit kit. Successfully infecting the target allows the attacker to download additional malware.
Threat intelligence group manager of Check Point Software, Maya Horowitz, said that the rise of mining malware such as CoinHive emphasizes the “need for advanced threat prevention technologies” to halt such practices and guard networks from cyber-criminals.
“Crypto mining is a new, silent, yet significant actor in the threat landscape, allowing threat actors to make significant revenues while victims’ endpoints and networks suffer from latency and decreased performance,” she said.
Recently, Internet domain provider Cloudflare put a stop to websites that operated hidden cryptocurrency miners, including that of the operator of torrent site ProxyBunker. This site was reported as running the Coinhive miner for four days before the suspension.
