Three in-browser cryptocurrency mining scripts ranked first, second, and fourth in Check Point’s most active malware top ten, outranking classic high-output malware distribution infrastructures such as spam botnets, malvertising, and exploit kit operations.
The three are Coinhive (ranked #1), Crypto-Loot (ranked #2), and JSEcoin (ranked #4). All three are online services offering JavaScript libraries that website owners can embed on their sites to generate profit by using their visitors’ CPU resources to mine the Monero cryptocurrency.
While all three are legitimate services, the JavaScript libraries they provide have been abused by malware authors.
This JavaScript code has been found surreptitiously added to hacked sites, inside mobile apps, in gaming mods, desktop software, and a bunch of other places. It’s almost everywhere these days, and you can’t go anywhere online without tripping over a site that runs an in-browser cryptocurrency mining (cryptojacking) script in the background.
It’s because of this prevalence that some AV vendors have started detecting such scripts as malware.
In Check Point’s case, the company says that its security products have recorded cryptojacking detections across 42% of the organizations they protect. Coinhive was the leader, with detections found on 20% of all customers, followed by Crypto-Loot with 16%.
Currently, the best way of stopping websites from abusing your CPU to mine Monero via cryptojackers such as Coinhive, Crypto-Loot, or JSEcoin is to run an antivirus or one of the many browser ad blocker add-ons that can block such scripts, similarly to how they block advertising domains.
Readers looking for an introduction to cryptojacking can find additional information on this trend in a research paper entitled "A first look at browser-based cryptojacking," which will be presented at the IEEE Security and Privacy on the Blockchain (IEEE S&B) UK workshop in April this year.
For the curious, below are Check Point’s top 10 desktop threats and top 3 mobile threats rankings:
① Coinhive – in-browser cryptocurrency miner
② Crypto-Loot – in-browser cryptocurrency miner
③ RIG EK – exploit kit
④ JSEcoin – in-browser cryptocurrency miner
⑤ RoughTed – malvertising campaign
⑥ Fireball – Windows adware network
⑦ Necurs – spam botnet
⑧ Andromeda – malware downloader/botnet
⑨ Virut – multi-purpose malware botnet
⑩ Ramnit – banking trojan, malware downloader
② Lokibot – Android banking trojan
③ Hiddad – Android adware