Cryptocurrency mining malware exploded last month, according to the latest Global Threat Index by Check Point. More than that, it seems to be hitting iPhones more than anything else.
“Check Point’s researchers detected a near-400% increase in crypto-mining malware attacks against iPhones. The surge was seen in the last two weeks of September, when attacks against users of the Safari browser also rose significantly,” the organization said in its report.
The mention of browsers suggests that this isn’t an iPhone-specific phenomenon, since the cause might be a mining script running in the browser. These suspicions were confirmed when the report later mentioned Coinhive.
According to Check Point, its Index has ranked Coinhive as the largest threat continuously since December 2017. The difference now is that the mining script runs on more sites that are frequented by iOS platform users.
Among cryptocurrency mining malware, a worm called Dorkbot occupies second place, below Coinhive. XMRig has been used in fewer attacks lately, moving down to eighth place and confirming the idea that it’s difficult to keep machines infected with payload-based malware long enough to make any notable profit.
The strategy now for hackers appears to be getting their victims to voluntarily download malware or visit sites that have been hijacked and injected with the Coinhive script, the latter appearing to be the most popular option.
The exceptions to this rule are worms and other types of software that infiltrate the victim’s computer using simple mechanisms and make their activities less obvious. A few examples of this are Dorkbot and Andromeda.
Another recent report by McAfee shows that cryptocurrency mining malware continues to grow at unprecedented rates as the most popular type of attack.
The report also notes the rise in demographically targeted attacks. One example of this is a Russian gaming forum where a hacker published a “mod” that purported to enhance the game.
Instead of providing any new benefits to the gamer, it would mine coins for the hacker. We might see more of this trend in the future, but the tendency will likely continue to be to cast as wide a net as possible.
After all, having millions of potential victims beats having a few hundred when it comes to mining.