Cryptomining malware surges
Use of cryptocurrency mining malware surged over the past two quarters as cybercriminals acted to diversify their arsenals, according to a new report from McAfee Labs.
The company’'s latest Threat Report found that cryptomining malware samples grew 86% during the second quarter, after surging 629% during the previous quarter.
More than 2.5 million new samples were detected during the second quarter, and this includes samples that appear to be older malware such as ransomware that has been retooled with cryptomining capabilities, the report states.
While cryptomining malware primarily targets PCs, an increasingly wide range of devices has fallen into the criminals’ crosshairs, including Android smartphones, according to McAfee Advanced Threat Research Lead Scientist Christiaan Beek.
“A few years ago, we wouldn’t think of internet routers, video-recording devices and other Internet of Things devices as platforms for cryptomining because their CPU speeds were too insufficient to support such productivity,” he said.
“Today, the tremendous volume of such devices online and their propensity for weak passwords present a very attractive platform for this activity. If I were a cybercriminal who owns a botnet of 100,000 such IoT devices, it would cost me next to nothing financially to produce enough cryptocurrency to create a new, profitable revenue stream.”
Meanwhile, the total number of ransomware samples has grown 57% over the past four quarters, while new mobile malware samples increased for the second successive quarter in Q2 with a 27% growth.
Other trends in the threat landscape include a 151% rise in the number of samples designed to exploit software vulnerabilities, a new billing fraud campaign of at least 15 apps on Google Play, as well as increasing prevalence of malware exploiting JavaScript and the PowerShell command line language.
Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.
Secure-by-design software development for digital innovation
The rise of DevSecOps methodologies and developments in AI offers every business the opportunity...
Bolstering AI-powered cybersecurity in the face of increasing threats
The escalation of complex cyber risks is becoming a pressing issue for those in business...
How attackers are weaponising GenAI through data poisoning and manipulation
The possibility for shared large language models to be manipulated through data poisoning...
