Crypto-mining malware problem getting worse; mobiles affected too: McAfee
Crypto-mining malware samples surged 86% in the second quarter of 2018 as the computing power of a wider variety of devices is being exploited by hackers to mine cryptocurrencies for third parties, IT security services provider McAfee said on Thursday.
The firm said that though less common than ransomware, crypto-mining malware has quickly emerged as a factor on the threat landscape.
New crypto-mining malware samples had grown a whopping 629% to more than 2.9 million samples in the first quarter of 2018.
“This trend continued in Q2 as total samples grew by 86% with more than 2.5 million new samples,” said Christiaan Beek, lead scientist with McAfee Advanced Threat Research. “McAfee Labs has even identified what appear to be older malware, such as ransomware, newly retooled with mining capabilities.”
He added that in some cases, crypto-mining malware targets specific groups rather than a broad field of potential victims.
For instance, one crypto-mining malware strain has targeted gamers on a Russian forum by posing as a “mod”, claiming to enhance popular games. Gamers were then tricked into downloading the malicious software, which proceeded to use their computing resources for profit.
The McAfee Labs report also pointed out that though crypto-mining malware primarily targets personal computers, other devices have also become victims. For instance, Android phones in China and South Korea have been exploited by the ADB.Miner malware, thereby producing Monero cryptocurrency for its perpetrators.
“A few years ago, we wouldn’t think of internet routers, video-recording devices, and other Internet of Things devices as platforms for crypto-mining because their CPU speeds were too insufficient to support such productivity,” Beek said.
“Today, the tremendous volume of such devices online and their propensity for weak passwords present a very attractive platform for this activity,” he added.
McAfee Labs also observed that malware exploiting software vulnerabilities was on the rise, recording a 150% increase in the second quarter.
“It’s still surprising to see numerous vulnerabilities from as far back as 2014 used successfully to spearhead attacks, even when there have been patches available for months and years to deflect exploit,” Beek continued. “This is a discouraging testament to the fact that users and organisations still must do a better job of patching vulnerabilities when fixes become available.”
The report also talked about the company discovering a vulnerability in Microsoft Windows 10’s Cortana voice assistant and a new billing-fraud campaign by at least 15 apps on Android’s Google Play Store.
The new campaign demonstrates that cybercriminals keep finding new ways to steal money from victims using apps on official stores such as Google Play, Beek said.
In addition, the report shows that the total number of ransomware samples continues to grow, increasing 57% over the past four quarters, while new mobile malware samples increased by 27% in Q2.