Cryptocurrency Mining Malware Tops Most Wanted Malware List

January 23, 2019


Check Point’s Most Wanted Malware report for December 2018 demonstrates that cryptocurrency mining malware was the top malware danger in December. The top four malware dangers in December 2018 were all cryptocurrency miners.

Top position goes to the Monero miner Coinhive: An online miner that utilizes the processing power of visitors’ computers every time they visit a website that has had the miner installed. Coinhive has topped the Most Wanted Malware list for the past 13 months and it is projected that the malware impacts 12% of companies throughout the world. Cryptocurrency mining malware variations XMRig, Jsecoin, and Cryptoloot take 2nd, 3rd, and 4th place respectively.

The move to cryptocurrency mining is clear given the growth in value of cryptocurrencies in late 2017; however, even though the value of those cryptocurrencies has dropped, cryptocurrency mining malware still accounts for half of the top 10 malware dangers.

The Emotet banking Trojan has climbed to 5th position in the top 10 list. Emotet is spread through phishing electronic mails containing malevolent attachments and is a highly advanced banking Trojan capable of self-propagation. The modular malware is regularly updated and now serves as a downloader for other malware variations, including Ryuk ransomware.

6th place is taken by Nivdort – A password stealer and malware downloader that is capable of changing system settings. Nivdort is also mainly spread through spam email.

The IRC-based Dorkbot worm slips down to 7th position in December. Dorkbot allows attackers to distantly execute code on an infected appliance and the malware also serves as a downloader of other malware.

The Ramnit banking Trojan has climbed to 8th position, and for the first time, Smokeloader has made the top ten list. Smokeloader is a second stage downloader for Windows that is utilized to download a range of malware variations, including the AZORult information stealer and Trickbot.

Authedmine, another cryptocurrency mining malware variation, claims 10th position. Authedmine is a variation of Coinhive.

“The variety of the malware in the index means that it is critical that companies use a multi-layered cybersecurity strategy that safeguards against both traditional malware families and brand new threats,” said Maya Horowitz, Check Point’s Threat Intelligence and Research Group Manager.