Cryptomining Malware Grows by 86% in Q2: McAfee Report

There has been an increase in the number of cryptomining malware attacks in the second quarter of 2018, according to a report by McAfee Labs.

The McAfee Labs Threats Report, released this week, has revealed that the total samples of cryptomining malware used by hackers have grown by 86% in the second quarter of 2018. Over 2.5 million new malware of this category have been found in Q2, as per the report.

The McAfee report says, ” Coin miner malware remains very active; total samples grew by 86% in Q2, with more than 2.5 million new files added to the malware database. ”

A McAfee press release, dated September 24, 2018, says, “In the second quarter, McAfee Labs saw the surge in cryptomining malware growth that began in Q4 2017 continue through the first half of 2018.”

The press release further reads, “Although less common than ransomware, cryptomining malware has quickly emerged as a factor on the threat landscape. After growing around 400,000 in the fourth quarter of 2017, new cryptomining malware samples grew a stunning 629% to more than 2.9 million samples in Q1 2018. This trend continued in Q2 as total samples grew by 86% with more than 2.5 million new samples. McAfee Labs has even identified what appear to be older malware such as ransomware newly retooled with mining capabilities.”

As revealed in detail in the McAfee press release, there are instances when hackers using cryptomining malware target specific groups. An example that’s discussed is the attack targeting gamers on a Russian forum by posing as a “mod” that claimed to enhance popular games. The gamers were thus tricked into downloading the malware, which then used the system resources for making profits. It’s also pointed out that in addition to PCs, cryptomining malware also target other devices. The ADB Miner malware had exploited Android phones in Korea and China for generating Monero cryptocurrency.

The release quotes Christiaan Beek, Lead Scientist and Senior Principal Engineer with McAfee Advanced Threat Research as saying, “A few years ago, we wouldn’t think of internet routers, video-recording devices, and other Internet of Things devices as platforms for cryptomining because their CPU speeds were too insufficient to support such productivity. Today, the tremendous volume of such devices online and their propensity for weak passwords present a very attractive platform for this activity. If I were a cybercriminal who owns a botnet of 100,000 such IoT devices, it would cost me next to nothing financially to produce enough cryptocurrency to create a new, profitable revenue stream. ”

Other areas covered in the report

The McAfee Lab Threats Report also discusses certain other areas. The following are the notable ones among these-

• New malware samples specifically designed to exploit software vulnerabilities increased by 151% in Q2. The McAfee press release quotes Christian Beek- “WannaCry and NotPetya provided cybercriminals compelling examples of how malware could use vulnerability exploits to gain a foothold on systems and then quickly propagate across networks. It’s still surprising to see numerous vulnerabilities from as far back as 2014 used successfully to spearhead attacks, even when there have been patches available for months and years to deflect exploits. This is a discouraging testament to the fact that users and organizations still must do a better job of patching vulnerabilities when fixes become available.”
• The McAfee team also discovered a vulnerability in the Cortana voice assistant in Microsoft Windows 10. Microsoft had released a patch in June for this flaw, which could have allowed hackers to execute code by logging into a locked Windows 10 system. McAfee addressed three vectors of research, which have been combined by Microsoft and together represent the flaw, CVE-2018-8140.
• The research also identified top security threats for those who use and implement blockchain technologies. It was found that phishing, malware and implementation vulnerabilities were the primary attack vectors.
• The report pointed out that the total number of ransomware samples have grown by 57% over the past four quarters, despite the fact that the appearance of new ransomware families has slowed overall in the recent quarters. Established ransomware families have been seen spawning new variants.
• New mobile malware samples too have increased in the second quarter of 2018; there has been a 27% increase.
• There has been a 204% increase in new samples of JavaScript malware; hackers seem to have shifted to a new generation of JavaScript malware. While the last three quarters registered a dip over the last three quarters, JavaScript malware has now accounted for more than 7 million samples, which is a record high and which is around 2 million more compared to Q1.
• The McAfee Mobile Research team had detected a new billing-fraud campaign involving around 15 apps on Google Play.
• New LNK malware also continues to increase and cybercriminals are now increasingly using .lnk shortcuts to surreptitiously deliver malicious PowerShell scripts and other malware.