Cryptocurrency mining malware is the number one malware menace - again

Cryptojackers like CoinHive top Check Point’s ‘most wanted’ malware list – but Smoke Loader’s first entry points to what might be to come.
Written by Danny Palmer, Senior Writer

Cryptocurrency stealing software continues to be the most commonly distributed form of malware, according to a top ten list of the most prominent malware threats detected by security company Check Point.

Coinhive continues to be the most prominently distributed malware and it's followed by XMRig -- both of these cryptojackers secretly use the victim's computer to mine for Monero, with the profits directed into the cryptocurrency wallet of the attacker.

They're followed by Jsecoin, a JavaScript miner that can be embedded into websites and runs directly in the browser, then Cryptoloot -- a direct competitor to Coinhive. Cryptoloot was second only to Coinhive during November, but its distribution has now dropped slightly.

Familiar threats like the Emotet and Ramnit banking Trojans make up much of the remainder of the 'Most Wanted' malware list -- but a new entry has rocketed up the rankings into ninth place and marks the first time a second-stage malware downloader has entered the top ten.

Smoke Loader has been active since 2011 and its primary focus is to act as a second-stage downloader for other malware -- mostly in the form of Trojans, such as Trickbot, AZORult Infostealer and Panda Banker.


Smoke Loader enters the top ten for the first time following a wave of activity during December -- particularly in Ukraine and Japan -- and suggests that more destructive, damaging malware is increasingly entering the toolbook of cyber criminals.

"December's report saw Smoke Loader appearing in the top 10 for the first time. Its sudden surge in prevalence reinforces the growing trend towards damaging, multi-purpose malware in the Global Threat Index, with the top 10 divided equally between cryptominers and malware that uses multiple methods to distribute numerous threats," said Maya Horowitz, threat intelligence and research group manager at Check Point.

Researchers have also detailed the most detected malware threats on mobile devices, with the top three all used to abuse privileges on Android. Modular backdoor Triada takes the top spot. The Guerilla Android ad-clicker is the second most common malicious installation on mobile, with the malware secretly and aggressively clicking on adverts without the knowledge of the user.

The third most common Android malware for December is Lotoor -- a hacking tool that exploits vulnerabilities in the Android operating system in order to gain root privileges on compromised mobile devices.

"The diversity of the malware in the Index means that it is critical that enterprises employ a multi-layered cybersecurity strategy that protects against both established malware families and brand new threats," said Horowitz.

