Three in-browser cryptocurrency mining scripts ranked first, second, and fourth in Check Point’s most active malware top ten, outranking classic high-output malware distribution infrastructures such as spam botnets, malvertising, and exploit kit operations.
It’s because of this prevalence that some AV vendors have started detecting such scripts as malware.
In Check Point’s case, the company says that its security products have recorded cryptojacking detections across 42% of the organizations they protect. Coinhive was the leader, with detections found on 20% of all customers, followed by Crypto-Loot with 16%.
Currently, the best ways of stopping websites from abusing your CPU to mine Monero via cryptojackers such as Coinhive, Crypto-Loot, or JSEcoin are to run an antivirus or one of the many browser ad blocker add-ons that can block such scripts, similar to how they block advertising domains.
Readers looking for an introduction to cryptojacking can find additional information on this trend in a research paper entitled “A first look at browser-based cryptojacking,” which will be presented at the IEEE Security and Privacy on the Blockchain (IEEE S&B) UK workshop in April this year.
For the curious, below are Check Point’s top 10 desktop threats and top 3 mobile threats rankings:
② Crypto-Loot – in-browser cryptocurrency miner
③ RIG EK – exploit kit
④ JSEcoin – in-browser cryptocurrency miner
⑤ RoughTed – malvertising campaign
⑥ Fireball – Windows adware network
⑦ Necurs – spam botnet
⑧ Andromeda – malware downloader/botnet
⑨ Virut – multi-purpose malware botnet
⑩ Ramnit – banking trojan, malware downloader
② Lokibot – Android banking trojan
③ Hiddad – Android adware