Check Point security’s ‘Most Wanted” list for December shows the top four Windows malware are crypto miners.
Check Point says despite an overall drop in value across all cryptocurrencies in 2018, cryptomining malware makes up half of
The Check Point list includes
*The arrows relate to the change in rank compared to the previous month.
- ↔
Coinhive – Cryptominer designed to perform online mining of Monero cryptocurrency. You catch it in drive-by web pages without the user’s knowledge or approval. The implanted JavaScript uses great computational resources to mine coins and might crash the system. - ↑
XMRig – Open-source CPU mining software used for the mining process of the Monero cryptocurrency. First seen in-the-wild on May 2017. - ↑ Jsecoin – JavaScript miner embedded in websites. With JSEcoin, you can run the miner directly in your browser in exchange for an ad-free experience, in-game currency and other incentives.
- ↓ Cryptoloot – Cryptominer, use the victim’s CPU or GPU power and existing resources for
cryptomining . - ↑
Authedmine – Performs online mining of Monero cryptocurrency when a user visits a web page without the user’s knowledge or approval the profits with the user.
What is cryptomining and what does it do to my computer?
Cryptomining malware, or cryptocurrency mining malware or simply cryptojacking, is malware developed to use a computer’s resources for cryptocurrency mining without a user’s explicit permission.
Cybercriminals use
It uses a lot of processing power and while a PC can usually withstand prolonged heavy loads a smartphone cannot.
The worst is
Fortnight hack
Check Point also discovered security vulnerabilities in Fortnight’s login process. This could allow a threat actor to take over the account of any user, view their personal account information, purchase virtual in-game currency and eavesdrop on in-game chatter as well as home conversations.
The vulnerability takes advantage of Epic Games’ use of authentication tokens in conjunction with Single Sign-On (SSO) providers such as Facebook, Google, X-Box and others built into Fortnite’s user login process. Always use a login/password – never use SSO.
4 Comments