Coin mining malware grows by over 600 percent as criminals 'infect and collect'
A new report from McAfee Labs has seen coin mining malware grow by 629 percent in the first quarter 2018 as criminals seek to cash in on cryptocurrency trends.
On average the company has seen five new threat samples every second, including growth in cryptojacking and other cryptocurrency mining malware, and notable campaigns demonstrating a deliberate drive to technically improve on the most sophisticated, established attacks of 2017.
"Cybercriminals will gravitate to criminal activity that maximizes their profit," says Steve Grobman, chief technology officer at McAfee. "In recent quarters we have seen a shift to ransomware from data-theft, as ransomware is a more efficient crime. With the rise in value of cryptocurrencies, the market forces are driving criminals to cryptojacking and the theft of cryptocurrency. Cybercrime is a business, and market forces will continue to shape where adversaries focus their efforts."
The Lazarus cybercrime ring launched a highly sophisticated Bitcoin-stealing phishing campaign -- HaoBao -- which targeted global financial organizations and Bitcoin users. When recipients opened malicious email attachments, an implant would scan for Bitcoin activity and establish an implant for persistent data gathering and cryptomining.
Among other notable events recorded by McAfee in the quarter is the Gold Dragon attack, targeting organizations involved in the Pyeongchang Winter Olympics in South Korea. The attack was executed via a malicious Microsoft Word attachment containing a hidden PowerShell implant script. The script was embedded within an image file and executed from a remote server. The resulting fileless implant encrypted stolen data, sent the data to the attackers' command and control servers, performed reconnaissance functions, and monitored anti-malware solutions to evade them.
You can find out more about these attacks and others in the full report which is available from the McAfee Labs site.