Ransomware is so 2017, it's all cryptomining now among the script kiddies

Plus: Hackers take crack at cloud, phones come pre-pwned, malware's going multi-plat

By John Leyden

The number of organisations affected by cryptomining malware in the first half of 2018 ramped up to 42 per cent, compared to 20.5 per cent in the second half of 2017, according to a new report from Check Point.

The top three most common malware variants seen in the first half of 2018 were all cryptominers: Coinhive (25 per cent); Cryptoloot (18 per cent); and JSEcoin (14 per cent). All three mine cryptocurrency in the visitor's browser – often without the user's knowledge, much less consent – when the visitor opens a web page that harbours the mining code.

Locky was the leading ransomware variant hitting organisations globally in the first six months of 2018, ahead of WannaCry and Globeimposter. Locky spreads mainly via spam emails containing a downloader, disguised as a Word or Zip attachment. WannaCry used a Windows SMB exploit called EternalBlue to spread while Globeimposter is distributed by spam campaigns, malvertising and exploit kits.

Cloud infrastructures appeared to be a growing target among hackers during the first six months of this year. Check Point further noted an increase in the number of malware variants targeting multiple platforms (mobile, cloud, desktop etc).

"Up until the end of 2017, multi-platform malware was witnessed in only a handful of occasions," the security researchers said, "but, as predicted, the rise in the number of consumer-connected devices and the growing market share of operating systems which are not Windows has led to an increase in cross-platform malware. Campaign operators implement various techniques in order to take control over the campaigns' different infected platforms."

There were several incidents of mobile malware that originated from the supply chain. Infected devices are being sold to consumers, so that new Android smartphones come pre-pwned with malicious code. Mobile malware is increasingly disguised as genuine applications on app stores. These nasties include banking trojans, adware and sophisticated remote access trojans (RATs), Check Point added.

Check Point's Cyber Attack Trends: 2018 Mid-Year Report is based on threat data collected between January and June 2018. ®

Updated to add

Matthew Vallis, chief strategy officer for JSEcoin, has been in touch to say the aforementioned mining software is not malicious, although we note antivirus and browser-blocker makers tend to label it as malware.

"JSEcoin is an opt-in-only ethically run system, which uses excess resources," Vallis told us. "The concept is to improve the user experience by allowing a webmaster to run a script instead of annoying adverts.

"The script uses less CPU than a typical advert. We are run ethically, and comparisons to malware such as Coinhive are totally incorrect."
