McAfee Labs: Cryptojacking rose by over 4000 percent in 2018, and threat actors are now targeting IoT devices.
Cryptojacking is the practice of using a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge. The McAfee statistic of over 4000 percent specifically refers to total instances of a cryptojacking malware, referred to in the study as “coin miner.”
The report extends to a range of new crypto mining malware threat vectors, which notably include a spike in new malware targeting Internet of Things (IoT) devices:
“New [mining] malware targeting IoT devices grew 72%, with total malware growing 203% in the last four quarters. New coinmining malware grew nearly 55%, with total malware growing 4,467% in the last four quarters.”
As the report notes, the rise in IoT-targeting threats is somewhat surprising, given the low CPU processing power of the devices. Yet, the report continues, “cybercriminals have taken notice of the growing volume and lax security of many IoT devices and have begun to focus on them, harnessing thousands of devices to create a mining super-computer.”
Remco Verhoef, a security researcher at McAfee, also outlined the workings of a MacOS crypto mining malware threat — later dubbed OSX.Dummy — which was distributed on mining chat groups. The threat actor reportedly suggested to users on Slack, Telegram and Discord channels that they download software “to fix crypto problems.” This software — which is in fact fake — then “executes with a single line in Bash”:
“The users essentially infected their own devices instead of falling victim to an unknown exploit or an exploit kit. In execution, OSX.Dummy opens a reverse shell on a malicious server, giving an attacker access to the compromised system.”
An earlier report from McAfee Labs had already indicated that cryptojacking rose by a staggering 629 percent in the first quarter of 2018 alone. This month, research from cyber security research firm Kaspersky Lab revealed that cryptojacking has overtaken ransomware as the top cybersecurity threat in some parts of the world.