Good news: practically every traditional type of malware has declined in recent months. Not so good: that is largely because attackers are more interested in using your computer to mine cryptocurrency for them.
It is likely that neither you nor your employer know it is happening. Mining malware latches onto your PC and adds its processing power to the attackers' efforts to mine Monero, ByteCoin, AEON or any of the newer cryptocurrencies that do not need a dedicated mining rig to return something worthwhile.
Adding to the appeal is a mistaken sense that it is not as sinister as stealing your bank details or holding your adultery-website account to ransom.
There have also been recent moves by major media companies to offer ad-free services in exchange for your PC's processing power. Some call it "ethical cryptomining".
But according to the latest quarterly report on cybercrime tactics and techniques from security software vendor Malwarebytes, "malicious cryptomining" has come from nowhere in recent months to become the second most common form of cybercrime, overtaking adware.
For now, adware is still the number one threat to consumers, while spyware is the biggest threat to businesses.
Ransomware, in which victims are forced to pay, usually in bitcoin, rose 28% against businesses, but consumer detections fell, dragging it down to sixth place overall. In a new development, GandCrab became the first ransomware to demand payment in a cryptocurrency other than bitcoin.
But why risk jail by demanding a couple of hundred dollars in bitcoin when you can simply mine it yourself, with some unsolicited help?
While virtually all other malware is in decline, cryptomining is now the second-biggest threat to both consumers and businesses.
Android owners in particular were targeted, with Malwarebytes recording a 4000% increase for the quarter. Mac detections were lower, but rose 74% in March.
"Cryptocurrency mining is such a lucrative business that malware creators and distributors around the world are drawn to it like moths to a flame," the report states.
"We have seen large-scale malicious cryptomining this quarter, on all platforms, devices, operating systems and in all browsers.
"Macs and mobile devices are not exempt; criminals have even used the cryptocurrency craze for social engineering purposes."
The most popular targets for criminals are servers. Windows servers, Oracle servers and, recently, Amazon servers have all been found running cryptocurrency miners. Infecting a server infects its users too: a customer of a cloud service such as Amazon AWS could suddenly find a miner hosted on their own website.
A recent example was found lurking on the Los Angeles Times website. And on Australian government websites. And on websites run by the UK National Health Service, the Student Loans Company and Northern Powergrid.
But why target Android users? The computing power is negligible, but Malwarebytes says it is easy to squeeze extra income out of apps that are already malicious by bolting a miner onto them.
A recent example, a miner added to the Loapi Trojan, pushed devices to "overheat from the strain on the processor; their batteries swelled and they eventually died prematurely".
Sounds familiar.
But the biggest player is CoinHive. It has only been active since September 2017, when it announced an API that could mine Monero directly from a web browser.
It was launched with good intentions, but "due to various oversights, the technology was almost immediately abused," said Malwarebytes.
The beauty of CoinHive, from the criminal's point of view, is that it is hard to spot because it does not obviously slow your computer down. It is the engine behind "drive-by cryptomining".
Drive-by cryptomining is tied to the website and does not require infecting a machine at all. Open a tab on, for example, the LA Times page mentioned above, and your PC starts mining Monero for someone else. Close the tab or navigate away and the mining stops.
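A drive-by miner is nothing more than a script tag on the page plus one constructor call, which is also why ad blockers can stop it by hostname. The scanner below is an added example written for this article, not code from Malwarebytes or from CoinHive: it takes a page's HTML source and flags script tags that load a known browser-mining library, or inline calls to its API. The coinhive.com host and the CoinHive.Anonymous constructor (with its throttle option) are real; the crypto-loot.com and coin-have.com hosts and the CRLT global are assumptions drawn from memory of 2018 blocklists, and the sample pages are constructed for the demo.

```javascript
// Added example: offline scanner for browser-mining script tags.
// Not from the article or from any of the services it names.

// Hosts that served browser miners. coinhive.com / authedmine.com are
// documented; the other two are assumptions (label them as such in
// any real blocklist you ship).
const MINER_SCRIPT_HOSTS = [
  'coinhive.com',     // original Monero browser miner (September 2017)
  'authedmine.com',   // CoinHive's opt-in variant
  'crypto-loot.com',  // assumed CryptoLoot host
  'coin-have.com',    // assumed Coinhave host
];

// Constructors the libraries expose on the page; a site that inlines
// the library rather than loading it by URL still has to call one.
const MINER_API_PATTERNS = [
  /CoinHive\.Anonymous\s*\(/,
  /CoinHive\.User\s*\(/,
  /CRLT\.Anonymous\s*\(/,   // assumed CryptoLoot global
];

// Pull every src="..." out of <script> tags. Good enough for a static
// check; a real page may also inject tags from JavaScript.
function extractScriptSrcs(html) {
  const srcs = [];
  const re = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["'][^>]*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) srcs.push(m[1]);
  return srcs;
}

// Resolve absolute and protocol-relative (//host/...) URLs to a host.
// Relative paths resolve against a dummy base and so never match.
function hostOf(src) {
  try {
    return new URL(src, 'https://example.invalid/').hostname.toLowerCase();
  } catch {
    return '';
  }
}

// Returns one finding per miner script tag or inline API call.
function scanForMiners(html) {
  const findings = [];
  for (const src of extractScriptSrcs(html)) {
    const host = hostOf(src);
    const hit = MINER_SCRIPT_HOSTS.find(h => host === h || host.endsWith('.' + h));
    if (hit) findings.push({ kind: 'script-src', host: hit, src });
  }
  for (const pat of MINER_API_PATTERNS) {
    if (pat.test(html)) findings.push({ kind: 'inline-api', pattern: pat.source });
  }
  return findings;
}

// Constructed sample of what a drive-by page looked like: the library
// tag plus the start call, throttled so the victim's fan stays quiet.
const SAMPLE_DRIVE_BY_PAGE = `
<html><head>
<script src="//coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER', { throttle: 0.3 });
  miner.start();
</script>
</head><body>Latest news...</body></html>`;

// Constructed clean page: a same-origin script and nothing else.
const SAMPLE_CLEAN_PAGE =
  '<html><head><script src="/js/app.js"></script></head><body>ok</body></html>';
```

Run it over saved page source (curl the page, then call scanForMiners on the text); the throttle option in the sample is the knob that lets a miner hide, since a page that only takes 30% of one core never trips the "fan goes crazy" tell.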
You will probably only notice when a website feels slow.
But here is a clever trick the miners are using: the pop-under.
You will not see a pop-under window because, unlike a pop-up, it opens behind the taskbar. Even when you think you have left the site in question, the window keeps mining.
You probably left one open all last night.
CoinHive itself takes a 30% commission on all mining earnings. That this is so openly discussed, and that CoinHive has made no major fixes, is probably a large part of why cryptomining is the rising star of 2018 malware.
In CoinHive's defence, it released a second API that requires users to opt in to the "ethical" miner. But Malwarebytes' research shows that it is used about 30,000 times a day, compared with 3 million times a day for the silent API.
The next wave is already here. Coinhave and CryptoLoot are numbers 2 and 3. Coinhave takes 20%, but CryptoLoot claims to pay out 88%.
Cryptominers actually advertise better rates to let other people steal your computing power. They also promote their ability to get around their biggest threat: ad blockers.
But here is one tell-tale sign you can watch for, at least on your PC: the moment its fan goes crazy.
In January, one miner even went so far as to tell Android phone users that they were being mined, which was polite. Look at the CPU usage, off the scale:
You are invited to "verify that you are human".
Malwarebytes says there is every reason to expect the rise in cryptomining to continue through 2018, especially given the value of cryptocurrencies, despite their recent declines.
The next frontier, they say, could be Internet of Things devices. How much attention are you paying to what your smart fridge is doing right now?
"While malicious cryptomining seems far less dangerous to the user than other forms of malware, such as ransomware, its effects should not be underestimated," says Malwarebytes.
"In fact, unmanaged miners could seriously compromise business or critical infrastructure processes by overloading systems to the point where they become unresponsive and shut down.
"Under the guise of a financially motivated attack, this could be the perfect alibi for advanced threat actors."
- Basically, your computer's fan is going crazy. Check CPU usage (Task Manager on Windows, Activity Monitor on Mac) and look for spikes.
- If you are a business, Malwarebytes has just released its new Endpoint Protection and Response product.
- Antivirus software, which was the first to act on this. If your built-in protection does not convince you, try Kaspersky or BitDefender.
- Ad blockers help. AdBlock Plus and AdGuard offer filtering for CoinHive. No Coin and MinerBlock are also handy Chrome extensions.
- And if you see an unfamiliar program hogging the CPU, kill it, then scan for malware.
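The first item in the list above, watching CPU usage, can be scripted rather than eyeballed. The block below is an added example written for this article, not a Malwarebytes tool: it computes the busy fraction across all cores from two cumulative tick snapshots in the shape Node's os.cpus() returns, and only raises a flag after several consecutive busy samples, because a video encode or a build produces a spike while a miner keeps the load up for as long as the tab or pop-under is open. The threshold, interval and sample counts are arbitrary defaults, and the two snapshots at the end are constructed so the arithmetic can be checked offline.

```javascript
// Added example: sustained-CPU check. Not from the article or Malwarebytes.

// Busy fraction across all cores between two os.cpus() snapshots.
// Each snapshot is an array of { times: { user, nice, sys, idle, irq } }
// holding cumulative ticks since boot, so differences give the work done
// in the interval. Cores are summed so one pegged core on a
// four-core box shows as ~25%, which is what a throttled miner looks like.
function cpuBusyFraction(before, after) {
  let busy = 0;
  let total = 0;
  const n = Math.min(before.length, after.length);
  for (let i = 0; i < n; i++) {
    const a = after[i].times;
    const b = before[i].times;
    const idle = a.idle - b.idle;
    const all = (a.user - b.user) + (a.nice - b.nice) + (a.sys - b.sys)
              + (a.irq - b.irq) + idle;
    busy += all - idle;
    total += all;
  }
  return total > 0 ? busy / total : 0;
}

// True when the most recent `minConsecutive` samples are all at or above
// `threshold`. A single spike is not enough; a miner is steady load.
function isSustainedHigh(samples, threshold = 0.8, minConsecutive = 3) {
  if (samples.length < minConsecutive) return false;
  return samples.slice(-minConsecutive).every(s => s >= threshold);
}

// Live loop for Node: sample every intervalMs and stop early with a
// verdict once the box has been pegged for minConsecutive samples.
// os is required inside so the pure functions above run in any runtime.
async function watchCpu({ intervalMs = 2000, threshold = 0.8,
                          minConsecutive = 3, maxSamples = 15 } = {}) {
  const os = require('os');
  const samples = [];
  let prev = os.cpus();
  for (let i = 0; i < maxSamples; i++) {
    await new Promise(resolve => setTimeout(resolve, intervalMs));
    const next = os.cpus();
    samples.push(cpuBusyFraction(prev, next));
    prev = next;
    if (isSustainedHigh(samples, threshold, minConsecutive)) {
      return { suspicious: true, samples };
    }
  }
  return { suspicious: false, samples };
}

// Constructed snapshots for an offline demo: two cores, 1000 ticks
// elapsed on each; core 0 is 95% busy, core 1 is 6% busy.
const SNAPSHOT_BEFORE = [
  { times: { user: 1000, nice: 0, sys: 500, idle: 8000, irq: 50 } },
  { times: { user: 1000, nice: 0, sys: 500, idle: 8000, irq: 50 } },
];
const SNAPSHOT_AFTER = [
  { times: { user: 1900, nice: 0, sys: 550, idle: 8050, irq: 50 } },
  { times: { user: 1050, nice: 0, sys: 510, idle: 8940, irq: 50 } },
];
```

From a Node prompt, `watchCpu().then(console.log)` runs the live check; if it reports suspicious, the next step is the last item in the list: find the process (or browser tab) responsible, stop it and scan.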