1. Crypto-Mining Malware Tops Check Point List of Top Cyber-Threats
In its latest Global Threat Index, security firm Check Point highlighted the top 10 malware types affecting companies today. The list, which was compiled after Check Point’s evaluation of 11 million malware signatures, suggests crypto-mining malware remains the most prevalent threat to enterprises, followed by malvertising, browser hijackers and botnets. Check Point also found that enterprises are still not doing enough to patch known vulnerabilities that are being exploited by hackers and cyber-criminals, making unwary companies vulnerable to crypto-mining attacks, ransomware, data breaches and other losses. This eWEEK slide show will discuss the top 10 threats in more detail.
2. Coinhive Crypto-Mining Malware Tops the List
Coinhive is the most widely deployed malware targeting companies, according to Check Point’s evaluation. The malware takes control of machines’ processing power to mine the Monero crypto-currency. In order to do that, however, unsuspecting victims need to visit a malicious webpage to pick up the Coinhive malware infection.
3. Cryptoloot Targets Blockchain Ledgers
Next up is Cryptoloot. Like Coinhive, Cryptoloot is a crypto-miner, but it doesn’t specifically target Monero when it takes control over computers. Cryptoloot uses a computer’s processing power to create false crypto-currency transactions that are posted to the blockchain ledger for Bitcoin and other crypto-currency types. It also tries to release new currency through the infected machines.
4. Roughted Infects Websites With Malvertising
Roughted is a malvertising attack that creates a large number of malicious websites infested with adware, exploit kits, and ransomware among other malware, according to Check Point. The malicious files can target computers running any operating system and are capable of bypassing ad-blockers and other protective measures to deliver a malware payload.
5. Jsecoin Exploits JavaScript
6. Andromeda Creates Network Backdoors for Cyber-Attacks
Andromeda is what Check Point calls a “modular bot.” The malware is typically used in the corporate world as a hidden backdoor that allows even more malicious software to be installed on an infected machine or network to steal data or plant ransomware. It can also be used to create a variety of botnets, according to Check Point.
7. Fireball Hijacks Browsers to Spread Malware
Fireball is a browser hijacker that malicious hackers often use as a malware downloader, according to Check Point. It’s a scary malware that can execute malicious code from afar and has been known to steal victims’ user credentials and install additional malware once it’s infected a corporate machine.
8. XMRig Rising Rapidly as Prevalent Crypto-Miner
9. Dorkbot IRC Worm Infects Web Sites Through Message Forums
Dorkbot is an IRC (internet relay chat) worm that breaks into a victim’s computer and allows malicious hackers to remotely execute code. Dorkbot is also capable of downloading more malware onto a machine. So far, the malware has mainly been used to steal company data and launch denial-of-service attacks, according to Check Point.
10. Nivdort Bot Designed to Steal Passwords
Nivdort is a bot that also goes by the name Bayrob. The malware frequently infects corporate computers to steal passwords and alter system settings. In some cases, Nivdort acts as a gateway that allows more malware to be downloaded to a computer. Nivdort typically relies upon spam to target companies.
11. Necurs Botnet Spreads Ransomware
Necurs is a botnet that targets companies through spam emails to spread ransomware by duping email recipients into clicking on malicious links and files. Necurs is also used to spread banking Trojans, according to Check Point.