GLOBE NEWSWIRE: According to the latest Global Threat Impact Index by Check Point Software Technologies, cryptocurrency mining was an increasingly prevalent form of malware during October, as organizations were targeted with the CoinHive variant.
Following up on recent Check Point research that found that crypto-miners can fraudulently use up to 65 percent of an end-user’s total CPU resources without the end-user’s approval, the CoinHive variant entered the Index in 6th place in October. The malware is designed to mine the Monero cryptocurrency when a user visits a web page, without the user’s approval. CoinHive implants JavaScript, which then uses high levels of the end-users’ CPU, severely impact the machine’s performance.
As in September, RoughTed and Locky remained the two most prevalent threats. However, there was a new entry to the top three: the ‘Seamless traffic redirector’ malware. This malware silently redirects the victim to a malicious web page, leading to infection by an exploit kit. Successfully infecting the target allows the attacker to download additional malware.
Maya Horowitz, Threat Intelligence, Group Manager at Check Point commented: “The emergence of Seamless and CoinHive once again highlights the need for advanced threat prevention technologies in securing networks against cyber-criminals. Crypto mining is a new, silent, yet significant actor in the threat landscape, allowing threat actors to make significant revenues while victims’ endpoints and networks suffer from latency and decreased performance.”
October 2017’s Top 3 ‘Most Wanted’ Malware:
*Arrows indicate change in rank compared to the previous month.
↔ RoughTed – A purveyor of ad-blocker aware malvertising responsible for a range of scams, exploits, and malware. It can be used to attack any type of platform and operating system, and utilizes ad-blocker bypassing and fingerprinting in order to make sure it delivers the most relevant attack.
↔ Locky – Ransomware that started its distribution in February 2016, and spreads mainly via spam emails containing a downloader disguised as a Word or Zip attachment and then downloads and installs the malware that encrypts the user files.
↑ Seamless – Traffic Distribution System (TDS), which operates by silently redirecting the victim to a malicious web page, leading to infection by an exploit kit. Successful infection will allow the attacker to download additional malware to the target
The most popular malware used to attack organizations’ mobile assets saw one change from September, with Android ransomware LeakerLocker appearing in second place.
Top 3 ‘Most Wanted’ mobile malware:
Triada – Modular Backdoor for Android that grants super-user privileges to downloaded malware and helps it to get embedded into system processes. Triada has also been seen spoofing URLs loaded in the browser.
LeakerLocker – Android ransomware that reads personal user data, and then presents it to the user and threatens to leak it online if ransom payments aren’t met.
Lotoor – Hack tool that exploits vulnerabilities on Android operating system to gain root privileges on compromised mobile devices.