Coinhive dominates malware charts before being shut down
In February, the two most prevalent malware variants were cryptominers, followed by the Emotet banking Trojan. Coinhive has seen a downward trend in its global impact, from 18 percent of organizations in October 2018 to 12 percent in January 2019, with a further two percent drop in February.
This decrease has been caused by the rising cost of mining along with the decline in Monero's value. Cryptoloot rose to second place in February replacing XMRig, and was followed by Emotet, an advanced, self-propagating and modular Trojan, which replaced Jsecoin in third place in the index.
Check Point's researchers have also discovered several widespread campaigns distributing the GandCrab ransomware that have targeted Japan, Germany, Canada and Australia among other countries. These operations have emerged over the last two months, and Check Point's researchers noticed a new version of the ransomware being distributed in one of the latest campaigns. The new version, GandCrab V5.2, includes most of the features of the last, but with a change in the encryption method that means the decryption tool for previous versions of the ransomware is no longer effective.
"As we saw in January, threat actors continue to exploit new ways to distribute malware, while creating new and more dangerous variants of existing malware forms," says Maya Horowitz, threat intelligence and research director at Check Point. "GandCrab's new version proves once again that although there are malware families that stay in the top malware list for several months and seem to be static, they are actually evolving and being developed to evade detection. To effectively combat this, our researchers continuously trace them based on their malware family DNA -- so it's essential that organizations keep their security solutions fully updated."
Among other findings, the most prevalent mobile threats are: Lotoor -- a hack tool that exploits vulnerabilities on Android in order to gain root privileges on compromised mobile devices; Hiddad -- Android malware which repackages legitimate apps to display ads and then releases them to a third-party store; and Triada -- a modular backdoor for Android which grants super-user privileges to downloaded malware.
You can find out more about the current malware landscape on Check Point's live threat map.