EXECUTIVE SUMMARY:

Coinhive, a crypto-mining malware that hackers use to hijack victims’ computers to mine cryptocurrency, has displaced RoughTed as the most prevalent malware for December. That’s according to Check Point’s latest global threat index report.

According to researchers, cryptominers impacted 55 percent of organizations globally, with Coinhive in first place among the top 10 malware and another crypto-miner, Cryptoloot, placing third.

Below are the current Top 10 ‘most wanted’ malware, according to the report:
Note: The arrows relate to the change in rank compared to the previous month.

  1. ↑ Coinhive – Crypto-mining malware designed to mine Monero cryptocurrency. JavaScript implanted within the browser hijacks a user’s computational resources to mine coins when the user visits a web page. This resource drain impacts the user’s system performance.
  2. ↔ Rig ek – First introduced in 2014, Rig ek delivers exploits for Flash, Java, Silverlight, and Internet Explorer. Users become infected by being redirected to a landing page that contains JavaScript, which then checks for vulnerable plug-ins and delivers the exploit.
  3. ↑ Cryptoloot – Crypto-mining malware that competes with Coinhive and uses victims’ central processing unit (CPU) or graphics processing unit (GPU) power to mine for cryptocurrency. Cryptoloot differs from Coinhive by offering website operators a bigger percentage of the revenue that comes from the cryptomining.
  4. ↓ RoughTed – Large-scale malvertising used to deliver various malicious websites and payloads such as scams, adware, exploit kits and ransomware. It can be used to attack any type of platform and operating system, and utilizes ad-blocker bypassing and fingerprinting in order to make sure it delivers the most relevant attack.
  5. ↔ Fireball – Browser hijacker that can be turned into a fully functioning malware downloader. It is capable of executing any code on the victim machines, resulting in a wide range of actions from stealing credentials to dropping additional malware.
  6. ↑ Globeimposter – Ransomware disguised as a variant of the Globe ransomware. Discovered in May 2017, it is distributed by spam campaigns, malvertising and exploit kits. Upon encryption, the ransomware appends the .crypt extension to each encrypted file.
  7. ↓ Ramnit – Banking trojan that steals banking credentials, FTP passwords, session cookies and personal data.
  8. ↑ Virut – Botnet known for cybercrime activities such as DDoS attacks, spam, fraud, data theft, and pay-per-install activities. It spreads through executable file infection (via infected USB sticks and other media), and more recently, through compromised HTML files, which infect vulnerable browsers when visiting compromised websites.
  9. ↓ Conficker – Worm that allows remote operations and malware download. The infected machine is controlled by a botnet, which contacts its Command & Control server to receive instructions.
  10. ↑ Rocks – Web-based cryptominer that hijacks the victim’s CPU and existing resources for crypto mining.
