EXECUTIVE SUMMARY:

Coinhive crypto-mining malware held on to the top spot in Check Point’s Top 10 Most Wanted Malware Index for April, with a global reach of 16 percent. In addition, researchers uncovered a new trend that involves cryptominers targeting server vulnerabilities.

Despite patches being available for at least six months, vulnerabilities in Microsoft Windows Server 2003 (CVE-2017-7269) and Oracle WebLogic (CVE-2017-10271) attracted cybercriminals intent on mining cryptocurrency. Researchers found that 46 percent of the world’s organizations were targeted via the Microsoft Windows Server 2003 vulnerability and 40 percent via the Oracle WebLogic vulnerability.

Below are the current Top 10 ‘most wanted’ malware, according to the report.
Note: The arrows relate to the change in rank compared to the previous month.

  1. ↔ Coinhive – Crypto-mining malware designed to secretly mine Monero cryptocurrency when an unwitting user visits a web page.
  2. Cryptoloot – Crypto-mining malware that competes with Coinhive and uses the victim’s CPU or GPU power to mine cryptocurrency. Cryptoloot differs from Coinhive by offering website operators a larger share of the mining revenue.
  3. ↑ Roughted – Large-scale malvertising used to deliver various malicious websites and payloads such as scams, adware, exploit kits and ransomware. It can be used to attack any type of platform and operating system, and uses ad-blocker bypassing and fingerprinting to make sure it delivers the most relevant attack.
  4. ↑ JSEcoin – JavaScript miner that can be embedded in websites. JSEcoin lets users run the miner directly in their browsers in exchange for ad-free experiences, in-game currency and other incentives.
  5. ↑ Andromeda – Modular bot used mainly as a backdoor to deliver additional malware on infected hosts. It can also be modified to create different types of botnets.
  6. ↔ Fireball – Browser hijacker that can be turned into a fully functioning malware downloader. It is capable of executing any code on the victim machine, resulting in a wide range of actions from stealing credentials to dropping additional malware.
  7. ↑ XMRig – Open-source CPU mining software used to mine the Monero cryptocurrency. It was first spotted about a year ago, in May 2017.
  8. ↑ Dorkbot – IRC-based worm that allows remote code execution by its operator, as well as the download of additional malware to the infected system. Its chief aim is to steal sensitive information and launch denial-of-service attacks.
  9. ↑ Nivdort – Multipurpose bot, also known as Bayrob, that collects passwords, modifies system settings and downloads additional malware. It spreads via spam emails, with the recipient address encoded in the binary, making each file unique.
  10. ↓ Necurs – Botnet that spreads malware, mainly ransomware and banking trojans, through spam emails.

Get the full story at the Check Point blog.