Cryptojacking

Three in-browser cryptocurrency mining scripts ranked first, second, and fourth in Check Point's most active malware top ten, outranking classic high-output malware distribution infrastructures such as spam botnets, malvertising, and exploit kit operations.

The three are Coinhive (ranked #1), Crypto-Loot (ranked #2), and JSEcoin (ranked #4). These three are online services that offer JavaScript libraries that website owners can embed on their sites and generate profit by using their visitors' CPU resources to mine the Monero cryptocurrency.

While all three are legitimate services, the JavaScript libraries provided by these three services have been abused by malware authors.

This JavaScript code has been found surreptitiously added to hacked sites, inside mobile apps, in gaming mods, desktop software, and a bunch of other places. It's almost everywhere these days, and you can't go anywhere online without tripping over a site that runs an in-browser cryptocurrency mining (cryptojacking) script in the background.

It's because of this prevalence that some AV vendors have started detecting such scripts as malware.

In Check Point's case, the company says that its security products have detected cryptojacking detections across 42% of the organizations they protect. Coinhive was the leader, with detections found on 20% of all customers, followed by Crypto-Loot with 16%.

Currently, the best ways of stopping websites from abusing your CPU to mine Monero via cryptojackers such as Coinhive, Crypto-Loot, or JSEcoin is to run an antivirus or one of the many browser ad blockers add-ons that can block such scripts, similarly to how they block advertising domains.

Readers looking for an introduction into cryptojacking can find additional information on this trend in a research paper entitled "A first look at browser-based cryptojacking," that will be presented at the IEEE Security and Privacy on the Blockchain (IEEE S&B) UK workshop, in April this year.

For the curious, below are Check Point's top 10 desktop threats and top 3 mobile threats rankings:

①  Coinhive - in-browser cryptocurrency miner
②  Crypto-Loot - in-browser cryptocurrency miner
③  RIG EK - exploit kit
④  JSEcoin - in-browser cryptocurrency miner
⑤  RoughTed - malvertising campaign
⑥  Fireball - Windows adware network
⑦  Necurs - spam botnet
⑧  Andromeda - malware downloader/botnet
⑨  Virut - multi-purpose malware botnet
⑩  Ramnit - banking trojan, malware downloader
①  Triada - Android banking trojan
②  Lokibot - Android banking trojan
③  Hiddad - Android adware

Related Articles:

Coinhive Raking In Over $250,000 per Month From In-Browser Cryptomining

CroniX CryptoMiner Kills Rivals to Reign Supreme

Massive Coinhive Cryptojacking Campaign Touches Over 200,000 MikroTik Routers

Xbash Malware Deletes Databases on Linux, Mines for Coins on Windows

New Botnet Hides in Blockchain DNS Mist and Removes Cryptominer