Hackers Now Launch Cryptomining Campaigns That Operate Without Active Browsers

Hackers are now increasingly exploiting cryptojacking malware without needing active browsers, as per a recent report.

Cyber security firm Check Point, in its latest Global Threat Index, states how hackers today find ways to launch cryptomining campaigns that operate without active web browsers. The Check Point Research Team discusses a surge of hacking attacks using cryptomining malware in March this year, with a specific focus on an endpoint cryptomining malware known as the XMRig variant.

XMRig was first discovered in May 2017 and in just a short time, it has become one among the most popular cryptomining malware that’s used by cyber criminals. A Check Point press release discussing the Global Threat Index says- “First seen in the wild in May 2017, XMRig entered Check Point’s top ten most wanted malware index (8th) for the first time during March 2018, after a 70% increase in global impact. By working on the end point device rather than the web browser itself, XMRig is able to mine the Monero cryptocurrency without needing an active web browser session on the victim’s computer.”

The press release also quotes Check Point Threat Intelligence Group Manager Maya Horowitz, who states- “Cryptomining malware has been quite the success story for cybercriminals, and XMRig’s rise indicates that they are actively invested in modifying and improving their methods in order to stay ahead of the curve…Besides slowing down PCs and servers, cryptomining malware can spread laterally once inside the network, posing a major security threat to its victims. It is therefore critical that enterprises employ a multi-layered cybersecurity strategy that protects against both established malware families and brand new threats.”

As per the Check Point Global Threat Index, in March, Coinhive retained, for the fourth consecutive month, its post as the most wanted malware; it has impacted 18 percent of organizations. Rig EK Exploit Kit occupied the second spot and impacted 17 percent of organizations while the Cryptoloot miner ranked third and impacted 15 percent organizations. XMRig, the aforementioned cryptomining malware, ranked eighth and impacted 5 percent of organizations.

Roughted, Jsecoin, Fireball, Andromeda, Necurs and Conficker are the other names that feature in the ‘ March 2018’s Top 10 ‘Most Wanted’ Malware’ list.

Check Point has also given a list of the three ‘Most Wanted’ mobile malware; Lokiboot, an Android banking Trojan and info-stealer that grants super-user privileges to download malware, ranked first. (Lokiboot also turns into a ransomware that locks the device). Triada (a modular backdoor that grants superuser privileges to download malware) ranked second and Hiddad (Android malware that repackages legitimate apps before releasing them to a third-party store) ranked third.

There’s also a list of the Top 3 ‘Most Wanted’ vulnerabilities for March. Oracle WebLogic WLS Security Component Remote Code Execution (CVE-2017-10271) got the top slot while SQL Injection ranked second and Microsoft Windows HTTP.sys Remote Code Execution (MS15-034: CVE-2015-1635) ranked third.