Cryptocurrency Mining Malware Tops Most Wanted Malware List

Check Point’s Most Wanted Malware report for December 2018 shows that cryptocurrency mining malware was the principal malware threat that month. The top four malware threats in December 2018 were all cryptocurrency miners.

Top place goes to the Monero miner Coinhive, an online miner that uses the processing power of visitors’ computers whenever they visit a website on which the miner has been installed. Coinhive has topped the Most Wanted Malware list for the past 13 months, and it is estimated that the malware affects 12% of companies around the world. The cryptocurrency mining malware variants XMRig, Jsecoin, and Cryptoloot take 2nd, 3rd, and 4th place respectively.

The move to cryptocurrency mining is understandable given the increase in the value of cryptocurrencies in late 2017; however, even though the value of those cryptocurrencies has since dropped, cryptocurrency mining malware still accounts for half of the top 10 malware threats.

The Emotet banking Trojan has climbed to 5th place in the top 10 list. Emotet is spread through phishing emails containing malicious attachments and is an advanced banking Trojan capable of self-propagation. The modular malware is frequently updated and now serves as a downloader for other malware variants, including Ryuk ransomware.

6th place is taken by Nivdort, a password stealer and malware downloader that is capable of changing system settings. Nivdort is also mainly spread through spam email.

The IRC-based Dorkbot worm drops to 7th place in December. Dorkbot allows attackers to remotely execute code on an infected device, and the malware also works as a downloader of other malware.

The Ramnit banking Trojan has climbed to 8th position, and for the first time, Smokeloader has entered the top ten list. Smokeloader is a second-stage downloader for Windows that is used to download a range of malware variants, including the AZORult information stealer and Trickbot.

Authedmine, another cryptocurrency mining malware variant, claims 10th place. Authedmine is a variant of Coinhive.

“The variety of the malware in the index implies that it is vital that businesses use a multi-layered cybersecurity strategy that safeguards against both recognized malware families and brand new threats,” said Maya Horowitz, Check Point’s Threat Intelligence and Research Group Manager.