Hackers Still Favor Cryptojacking Malware Despite Bearish Cryptocurrency Market Conditions

Crypto mining malware still commonplace despite bearish crypto market.
Popular Article
DAOs EcoSapiens
ReFi landscape
DAOs EcoSapiens

Regenerative Finance 101: A Guide to Crypto’s ReFi Movement

Cryptocurrency mining malware topped the 2018 threat index list. This is according to a report released by Checkpoint. It lists crypto mining malware as the most common and highlights Coinhive as the leading cryptojacking device.

Coinhive is a legitimate Javascript miner that allows website owners to monetize their platforms by harnessing the processing power of devices used by visitors. It has in this instance been classified as malware mainly because of its installation on thousands of websites via exploits and without visitors’ or owners’ consent.

The Javascript software can be set to use a certain percentage of a device’s computing power via the browser. Users on a webpage with the embedded script usually experience a reduction in performance latency. Hardware overheating issues and a lowering of battery life are a few indicators that a machine has been infected. Coinhive is programmed to mine Monero as long as a visitor is on the website.

An analysis via the Publicwww code search engine estimates that over 16,000 websites currently have the Coinhive miner installed.

Early last year when the crypto market was experiencing an unprecedented boom, search statistics indicated that over 50,000 websites were using the Coinhive miner. These figures have gone down in lockstep with the bearish crypto market.

According to the Checkpoint report, the script has affected over 10 percent of all organizations worldwide and has been the top malware for 13 consecutive months now. XMRig, an open source CPU cryptocurrency mining software, took second place in the top ten malware list.

Jsecoin, a browser-based Javascript miner that enables users to mine crypto while enjoying an ad-free experience, came in third. Cryptoloot was in the fourth position. It has striking similarities to Coinhive and allows website owners to use visitors’ computing power to mine Monero. XMRig had an eight percent global reach, according to the report, while JSEcoin had seven percent.

Hackers Also Using CMS Based Exploits

Last year, security researcher Troy Mursch uncovered a cryptojacking campaign that relied on vulnerable versions of the Drupal content management system (CMS) to spread crypto mining malware.

A few major sites got infected, including Lenovo and the San Diego Zoo. Over 400 websites got hacked and had a miner injected. Within the past year, major sites such as The Los Angeles Times, Blackberry, and Showtime have fallen victim to such schemes.

Larger targets are riskier for hackers as most major networks have enhanced website security systems, but the rewards are substantial. The immense traffic offers a tremendous range of possibilities for hackers who can target millions of devices within a short period.

Malicious parties can use Remote Access Trojan (RAT) techniques, for example, to take over millions of infected systems and download a cryptojacking payload. Monero’s pseudonymous features are an additional convenience for hackers, as they can easily get away with their misdeeds.

[thrive_leads id=’5219′]

Hackers Are Becoming More Innovative

According to a recent report released by McAfee, crypto mining malware attacks have increased by over 4,000 percent within the past 12 months. It also indicates that hackers are becoming more innovative in launching attacks.

One exploit that was recently discovered by Remco Verhoef, a security researcher, targeted the Mac OS and involved executing a single line of code to launch the payload.

The hacker broadcasted messages on cryptocurrency chat boards on Slack, Discord, and Telegram asking users to execute a command via Terminal on their Mac to apparently fix a crypto transfer completion bug.

The technique was relatively simple but allowed the hacker to bypass Gatekeeper, which prevents malicious software from executing. Commands run via Terminal are not scrutinized, and this is what makes the hack particularly effective. Once a user executes the command, the hacker is allowed remote access to the computer. The hacker can also install crypto mining malware via the exploit.

Although cryptojacking attacks have increased over the past two years, momentum seems to have subsided as bearish cryptocurrency market conditions prevail.

Legal Disclaimer

CoinCentral’s owners, writers, and/or guest post authors may or may not have a vested interest in any of the above projects and businesses. None of the content on CoinCentral is investment advice nor is it a replacement for advice from a certified financial planner.