Report: Crypto-mining malware infections exploded in December

Security firm Check Point reports that malware that covertly mines cryptocurrency infected 55% of businesses in December, climbing to the top of its most wanted malware list.

Building a slide deck, pitch, or presentation? Here are the big takeaways:

  • Scripts and software that secretly mine cryptocurrency using website visitors' CPUs are on the rise, becoming two of the three most widespread infections in December 2017.—Check Point
  • IT teams need to ensure their antivirus software is up to date and that users' web browsers are protecting them from malicious scripts and ads.—TechRepublic

Research from Check Point is pointing to a rising trend in malware: cryptocurrency mining. Its Most Wanted Malware report from December 2017 placed two pieces of crypto-mining malware in the top three most prevalent infections, and a total of 10 variants in the top 100.

Of the two in the top three, Coinhive is a legitimate mining app that has been turned to nefarious purposes by several strains of malware for desktop and mobile devices. The other, Crypto-Loot, is designed to be legitimate as well but has also crossed over into the malware realm.

Not all coin mining is illegitimate, Check Point said, adding that "the tools can be hacked to dominate more power and generate more revenue, using as much as 65% of the end-users' CPU power."

Crypto-mining gone wild

As it was originally intended, software like Coinhive and Crypto-Loot is designed to offer websites an alternative to advertising. Instead of requiring users to be bombarded by ads, a site could offer an ad-free experience in exchange for a sliver of CPU power that the company would use to mine cryptocurrency like Bitcoin.

The key element is the ability to opt in, especially considering a user's hardware is being hijacked to do the mining. Coinhive and Crypto-Loot become malware when users aren't asked, when the code is altered to take more resources, and/or when the mining doesn't end after a user leaves the site.

Check Point reports that crypto-mining software has been injected into "some top websites." Check Point doesn't name names, but it states that culprits include media streaming and file sharing websites.

Prevent and detect crypto-mining malware

With 55% of businesses being impacted by crypto-mining malware in December, there's a good chance you've dealt with it. Not all cryptocurrency mining malware comes from websites, either. As Kaspersky Lab points out, many crypto-mining infections are due to droppers as well.

Preventing crypto-mining infections is just like preventing other malware from intruding on your managed machines: Install reliable antivirus software and make sure its definitions are kept up to date.

As for crypto-mining software that is secretly running on websites, it can be blocked by preventing JavaScript or other website scripts from executing. This can be done through add-ons like NoScript for Firefox or ScriptBlock for Chrome, though it can be a bit trickier to block scripts on other browsers. It's also worth noting that adblockers can often block crypto-mining scripts.
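One common way such blockers decide what to stop is by matching a script's host against a blocklist. The sketch below is an added example, not code from the article, Check Point, or any blocker project; it applies that matching to a page's HTML so a site owner can check their own pages for injected script tags. The blocklist hosts, function names and sample page are constructed placeholders.

```javascript
// Constructed blocklist: placeholder hosts, not real indicators. A real
// deployment would load a maintained filter list instead.
const BLOCKED_HOSTS = ["miner-cdn.example", "coin-pool.example"];

// True when host equals a blocked host or is a subdomain of one.
// Comparing on a leading dot avoids flagging look-alike suffixes.
function isBlockedHost(host, blocklist = BLOCKED_HOSTS) {
  const h = host.toLowerCase().replace(/\.$/, "");
  return blocklist.some((b) => h === b || h.endsWith("." + b));
}

// Return the external script URLs in `html` whose host is on the blocklist.
// `pageUrl` resolves relative and protocol-relative src values.
// Regex extraction is enough for triage of page source; it is not a full
// HTML parser and does not see scripts added at runtime.
function findBlockedScripts(html, pageUrl, blocklist = BLOCKED_HOSTS) {
  const hits = [];
  const tagRe = /<script\b[^>]*>/gi;
  const srcRe = /\ssrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
  for (const tag of html.match(tagRe) || []) {
    const m = srcRe.exec(tag);
    if (!m) continue; // inline script: no host to check
    const raw = m[1] ?? m[2] ?? m[3];
    let url;
    try {
      url = new URL(raw, pageUrl);
    } catch {
      continue; // unparsable src value
    }
    if (isBlockedHost(url.hostname, blocklist)) hits.push(url.href);
  }
  return hits;
}

// Constructed sample page with two blocked scripts and one look-alike host.
const SAMPLE_HTML = `
<html><head>
<script src="/js/app.js"></script>
<script async src="//static.miner-cdn.example/lib/m.min.js"></script>
<script src='https://notminer-cdn.example/x.js'></script>
<script>var inline = 1;</script>
<script SRC=https://COIN-POOL.example/w.js></script>
</head></html>`;

console.log(findBlockedScripts(SAMPLE_HTML, "https://www.site.example/index.html"));
```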

Lastly, be sure whichever antivirus software you are running has its active scanning option enabled. When I attempted to run the demo on Crypto-Loot's website, McAfee immediately popped up to tell me it detected an infection, which it had blocked and cleansed. If protections like that are in place on your systems you won't have to worry about CPU hijacking or hardware damage.

About Brandon Vigliarolo

Brandon writes about apps and software for TechRepublic. He's an award-winning feature writer who previously worked as an IT professional and served as an MP in the US Army.
