Cryptomining Continues to Be Top Malware Threat

Published: 23/11/2024   Category: security


Tools for illegally mining Coinhive, Monero, and other cryptocurrency dominate list of most prevalent malware in December 2018.



Enterprise organizations appear unlikely to get respite from cryptomining attacks anytime soon if new threat data from Check Point Software is any indication.
For the thirteenth month in a row, attacks involving the use of cryptomining malware topped the security vendor's list of most active threats worldwide in December. Malware for mining the Coinhive cryptocurrency once again emerged as the most prevalent malware sample, impacting 12% of the organizations worldwide in Check Point's report.
Out of the top 10 most prevalent malware samples in Check Point's latest monthly threat summary, the four most active tools—and five in total—were cryptominers.
The persisting attacker interest in crypto malware—despite the overall decline in the value of major cryptocurrencies—is not entirely surprising.
"The main advantage of cryptomining malware for the attacker is its ability to create direct profit without any user interaction and without elaborate mechanisms such as in the cases of ransomware and banking Trojans," says Omer Dembinsky, data research team leader at Check Point.
In many cases, users with systems infected with cryptocurrency malware don't even realize they have a problem until hardware performance gets severely degraded. Crypto tools running on higher-end enterprise servers and endpoint systems can be hard to spot for the same reason.
"It works in the background on personal computers, mobile phones, servers, and basically any machine with computing power—so anyone and everyone is a potential target," Dembinsky says.
Not surprisingly, many of the most exploited vulnerabilities in December 2018 were also related to illegal cryptomining activity. Topping the list was CVE-2017-7269, a buffer-overflow vulnerability in a Microsoft IIS component that was first disclosed nearly two years ago and long ago patched as well.
The reason the vulnerability remains a popular exploit target is because it gives attackers a way to infiltrate high-end servers with lots of processing power for cryptomining, Dembinsky said. Organizations should make sure they apply the most recent updates and patches on their systems in order to not be susceptible to attacks by known vulnerabilities.
Crypto tools are the most prolific, but not the only threat that Check Point observed last month. Also noteworthy was the sudden reemergence of SmokeLoader, a malware downloader tool that attackers have previously used to distribute especially pernicious malware tools, such as Trickbot and Panda banking Trojan and the AZORult information-stealer. Security researchers have been tracking the threat since at least 2011 but it has never broken into Check Point's list of the 10 most active threats.
A surge of activity involving SmokeLoader in Ukraine and Japan propelled the malware from 20th spot just last month to the ninth spot in Check Point's list. But Dembinsky says Check Point researchers have not been able to figure out the specific reason for the renewed interest in the malware.
For businesses, the sudden re-emergence of a malware tool last seen some eight years ago highlights the need for constant vigilance. "This means that organizations should have the most up-to-date and advanced security measures applied as the next surge could come from any of the numerous threats out there—or from something brand new," Dembinsky notes.
The remaining malware samples on Check Point's top 10 list are all multi-purpose code being distributed in multiple ways. They include Emotet, a Trojan that is being used for malware distribution, and Ramnit, a banking Trojan that has been around for some time.
While malware on Check Point's list fall out of the top 10 spot over a period of time, there is surprisingly little churn over short periods. The same threats tend to remain on the list month after month, though occasionally there are sudden surges of specific threats, Dembinsky says.
"We see there is a very wide range of threats, coming from multiple attack vectors—Web, emails, vulnerabilities," he notes. Organizations must use a multi-layered and advanced cybersecurity strategy, both on the technical side and on the educational side.