Crypto-Mining Malware is Catching Up

According to Check Point’s latest Global Threat Impact index, nearly 23 percent of organizations across the world is affected by the Coinhive – the Crypto-mining malware that drains CPU power to mining malware.

The cybersecurity experts found three different variants of crypto-mining, malware and Coinhive ranks on top. Other miners that made their way to the list are JSEcoin, and Cryptoloot, that stands at 5th and 8th subsequently. It was seeing how one in five organizations across the world is affected by some coinhive variant.

Crypto-mining, malware is all about hijacking your CPU power by cybercriminals to mine cryptocurrency. The Coinhive uses the inbuilt Javascript to use the computer resource, thereby affecting the performance of the system in a negative way.

According to Cyberscoop, Salon uses Coinhive to mine the cryptocurrency Monero. Some crypto-miners have been intentionally injected into several top websites, mostly media streaming and file sharing services. Since last week, media outlet Salon has been presenting visitors using an ad-blocker with a popup window offering two options: disable the blocker or choose a “suppress ads” option, which the site explains if selected will allow “Salon to use your unused computing power.”

The tools can use 65 percent of the user’s CPU, and interestingly, it can be hacked to generate more power and revenue. Last but not the least some of this activity is legitimate and legal in some part of the world.

Maya Horowitz, Threat Intelligence Group Manager at Check Point says “Crypto-mining, malware is particularly challenging to protect against, as it is often hidden in websites, enabling hackers to use unsuspecting victims to tap into the huge CPU resource that many enterprises have available. He added, “Over the past three month’s crypto mining, malware has steadily become an increasing threat to organizations, as criminals have found it to be a lucrative revenue stream.”

The popularity has made an interesting proposition that has led to its significant increase in usage for crypto mining malware.

Kaspersky Lab reported how the vulnerability in the desktop version of the Telegram messaging app was converted into a crypto-miner. The malware tricked the Telegram users to download malicious files, which would then be used to deliver crypto-mining software and spyware. The vulnerability was noted back in March 2017, and it was also reported that cryptocurrencies included Zcash and Monroe

Earlier this month, hackers infected thousands of websites, including ones run by the US and UK government agencies, with crypto-mining malware. The attack, noticed by security researcher Scott Helme, was pulled off by compromising a fairly popular plugin used by all the affected sites called Browsealoud.

The year started on a sad note when thousands of websites were infected, including the one run by the government agencies. Scott Helme the security researcher noted the attacked, and he was later pulled off for using Browsealand a popular plugin that enabled the attack on all the websites.

UK firm Texthelp developed Browsealoud, a suite of accessibility and translation tools. The plugin was edited by attackers to embed a script that uses visitors’ computers to mine Monero, according to Helme.