IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Hackers are increasingly exploiting cryptojacking malware without needing active browsers

Crypto malware is quickly extending to non-browser applications, says Checkpoint

Bitcoin cryptocurrency mining

Hackers are quickly finding ways to launch cryptomining campaigns without the need for an active web browser, according to new research from Checkpoint.

The security firm's latest Global Threat Index has revealed a surge of cryptocurrency malware attacks, specifically an endpoint variant called XMRig.

First discovered in May 2017, XMRig has quickly become one of the most popular types of cryptomining malware among cyber criminals.

Between the date of discovery in May 2017 and March 2018, the malware had a 70 per cent increase in global impact. XMRig is so effective because it operates through end-points devices such as PCs and smartphones, rather than the web browser.

With it, crooks can mine the Monero cryptocurrency on apps that are running in the background instead of a web browser. These attacks normally go unnoticed.

As well as the rise of XMRig, the threat index reveals that Coinhive is still the most popular cryptocurrency mining script to get integrated into 'cryptojacking' malware, with it impacting 18 per cent of organisations.

The Rig EK 'exploit kit' came in a close second, scoring 17 per cent. The kit lets hackers exploit Flash, Java, Silverlight and Internet Explorer to launch cryptomining campaigns.

Meanwhile, Cryptoloot is listed as the third most wanted cryptocurrency malware. It harvests the victim's GPU or GPU power to mine cryptocurrencies.

Checkpoint has also ranked the most common mobile malware, with Android banking trojan Lokibot at the top of the list. With it crooks can steal important business information and lock people's phones

Triada, which is a described as a "modular backdoor for Android", is second on the list. The malware backdoor gives hackers superuser privileges over an infected device allowing them to download further malware. Hiddad, which repackages popular apps and sends them to third-party stores, is in last place.

The security research firm analysed the most exploited cyber vulnerabilities as well, with an Oracle remote code execution vulnerability (CVE-2017-10271 sporting a global impact of 26 per cent, the SQL injection vulnerability at 19 per cent, and a Microsoft Windows flaw (CVE-2015-1635) at 12 per cent.

Maya Horowitz, threat intelligence group Manager of Check Point, said cryptomining campaigns have been a "success story" for cyber criminals.

"XMRig's rise indicates that they are actively invested in modifying and improving their methods in order to stay ahead of the curve," Horowitz explained.

"Besides slowing down PCs and servers, cryptomining malware can spread laterally once inside the network, posing a major security threat to its victims.

" It is therefore critical that enterprises employ a multi-layered cybersecurity strategy that protects against both established malware families and brand new threats."

As interest builds around Bitcoin and other cryptocurrencies, malware and hack attacks designed to illegitimately generate digital money are likely to become more prevalent in the cyber security world, something IT managers and security officers should take note of. 

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

What is cryptocurrency mining?
cryptocurrencies

What is cryptocurrency mining?

27 May 2022
IMF urges El Salvador to remove Bitcoin as legal tender
cryptocurrencies

IMF urges El Salvador to remove Bitcoin as legal tender

26 Jan 2022
El Salvador announces plans to build a 'Bitcoin city' at the foot of a volcano
cryptocurrencies

El Salvador announces plans to build a 'Bitcoin city' at the foot of a volcano

22 Nov 2021
Cryptocurrency: Should you invest?
cryptocurrencies

Cryptocurrency: Should you invest?

27 Oct 2021

Most Popular

Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022
Macmillan Publishers hit by apparent cyber attack as systems are forced offline
Security

Macmillan Publishers hit by apparent cyber attack as systems are forced offline

30 Jun 2022
FCC commissioner urges Apple and Google to remove TikTok from app stores
data protection

FCC commissioner urges Apple and Google to remove TikTok from app stores

29 Jun 2022