Crypto-Mining Malware is Catching Up
According to Check Point’s latest Global Threat Impact index, nearly 23 percent of organizations across the world is affected by the Coinhive – the Crypto-mining malware that drains CPU power to mining malware.
The cybersecurity experts found three different variants of crypto-mining, malware and Coinhive ranks on top. Other miners that made their way to the list are JSEcoin, and Cryptoloot, that stands at 5th and 8th subsequently. It was seeing how one in five organizations across the world is affected by some coinhive variant.
According to Cyberscoop, Salon uses Coinhive to mine the cryptocurrency Monero. Some crypto-miners have been intentionally injected into several top websites, mostly media streaming and file sharing services. Since last week, media outlet Salon has been presenting visitors using an ad-blocker with a popup window offering two options: disable the blocker or choose a “suppress ads” option, which the site explains if selected will allow “Salon to use your unused computing power.”
The tools can use 65 percent of the user’s CPU, and interestingly, it can be hacked to generate more power and revenue. Last but not the least some of this activity is legitimate and legal in some part of the world.
Maya Horowitz, Threat Intelligence Group Manager at Check Point says “Crypto-mining, malware is particularly challenging to protect against, as it is often hidden in websites, enabling hackers to use unsuspecting victims to tap into the huge CPU resource that many enterprises have available. He added, “Over the past three month’s crypto mining, malware has steadily become an increasing threat to organizations, as criminals have found it to be a lucrative revenue stream.”
The popularity has made an interesting proposition that has led to its significant increase in usage for crypto mining malware.
Kaspersky Lab reported how the vulnerability in the desktop version of the Telegram messaging app was converted into a crypto-miner. The malware tricked the Telegram users to download malicious files, which would then be used to deliver crypto-mining software and spyware. The vulnerability was noted back in March 2017, and it was also reported that cryptocurrencies included Zcash and Monroe
Earlier this month, hackers infected thousands of websites, including ones run by the US and UK government agencies, with crypto-mining malware. The attack, noticed by security researcher Scott Helme, was pulled off by compromising a fairly popular plugin used by all the affected sites called Browsealoud.
The year started on a sad note when thousands of websites were infected, including the one run by the government agencies. Scott Helme the security researcher noted the attacked, and he was later pulled off for using Browsealand a popular plugin that enabled the attack on all the websites.
UK firm Texthelp developed Browsealoud, a suite of accessibility and translation tools. The plugin was edited by attackers to embed a script that uses visitors’ computers to mine Monero, according to Helme.
Julia Sowells178 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.