Cryptocurrency mining proved to be one of the major threats of 2017 and looks set to remain so in 2018. The impact of cryptocurrency miners on user machines is severe.
Researchers found that in-browser miners such as the Coinhive Monero miner can consume up to 65% of a machine's CPU. In addition, recently published statistics show that 2,531 of the top 3 million websites are running the Coinhive miner, roughly 1 in every 1,000 sites.
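As an added example (not code from the original article or from Check Point), the following Python checks a fetched page for the Coinhive miner discussed above. It collects the page's script tags, flags a loader served from the Coinhive domains, extracts the site key passed to `CoinHive.Anonymous(...)` (or `User`/`Token`), and reads the `throttle` option, which is the fraction of time the miner idles and so decides how much CPU it takes. The domain list, the regular expressions and the two sample pages are assumptions constructed for this example.

```python
import re
from html.parser import HTMLParser

# Assumed indicators of the 2017 Coinhive deployments: the loader script was
# served from coinhive.com (earlier coin-hive.com) and the page then created
# a CoinHive.Anonymous/User/Token miner with a site key.
COINHIVE_HOSTS = ("coinhive.com", "coin-hive.com")
SITE_KEY_RE = re.compile(
    r"CoinHive\.(?:Anonymous|User|Token)\s*\(\s*['\"]([A-Za-z0-9]+)['\"]")
# Coinhive's "throttle" option: fraction of time the miner sleeps (0 = full CPU).
THROTTLE_RE = re.compile(r"throttle\s*:\s*([0-9]*\.?[0-9]+)")


class _ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.srcs = []
        self.inline = []
        self._buf = None  # non-None while inside a <script> element

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            src = dict(attrs).get("src")
            if src:
                self.srcs.append(src)
            self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._buf is not None:
            self.inline.append("".join(self._buf))
            self._buf = None


def find_coinhive(html):
    """Return a dict describing Coinhive miner indicators found in the HTML."""
    parser = _ScriptCollector()
    parser.feed(html)
    parser.close()
    miner_scripts = [s for s in parser.srcs
                     if any(h in s.lower() for h in COINHIVE_HOSTS)]
    site_keys, throttles = [], []
    for code in parser.inline:
        site_keys.extend(SITE_KEY_RE.findall(code))
        throttles.extend(float(t) for t in THROTTLE_RE.findall(code))
    return {
        "miner_scripts": miner_scripts,
        "site_keys": site_keys,
        "throttle": throttles,
        "infected": bool(miner_scripts or site_keys),
    }


# Constructed sample pages (not real sites): one carrying the miner, one clean.
MINING_PAGE = """<html><head>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('EXAMPLEsitekey0000', {throttle: 0.35});
  miner.start();
</script>
</head><body><p>Free streaming!</p></body></html>"""

CLEAN_PAGE = """<html><head>
<script src="https://cdn.example.org/app.js"></script>
</head><body><p>Nothing to see here.</p></body></html>"""

if __name__ == "__main__":
    for name, page in (("mining", MINING_PAGE), ("clean", CLEAN_PAGE)):
        print(name, find_coinhive(page))
```

The site key is worth recording: it identifies the account the hashing is credited to, so it lets you correlate mining scripts across many sites whether or not the loader is hosted on the same domain. A low throttle (or none, which is the same as 0) corresponds to the near-total CPU usage reported above.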
Crypto miners are not the only threat out there. Malvertising campaigns such as RoughTed and ransomware such as Locky remain prevalent. With that in mind, Check Point researchers have gathered intelligence on the top 10 malware threats affecting users worldwide from September to the present.
1. RoughTed Malvertising
RoughTed is a large-scale malvertising campaign that peaked in March this year but has been active for well over a year. It targets Windows and Mac as well as iOS and Android. The operation is unusually comprehensive, combining a variety of malicious approaches, from exploit kits to online scams such as fake tech support, fake updates and rogue browser extensions.
2. Locky Ransomware
Locky ransomware has been around since February 2016, and several iterations appending different file extensions have appeared since. It spreads mainly via spam emails carrying a downloader disguised as a Word or Zip attachment. Its latest iteration, the so-called .asasin file virus, appends the .asasin extension to every encrypted file.
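As an added example (not part of the original article), the following Python triages an email's attachments for the lure pattern described above: a script or macro-bearing Office document, often wrapped in a Zip archive, posing as an invoice. It parses the message with the standard library, looks inside archives and OOXML documents for script files or a `vbaProject.bin` (the part that holds VBA macros), and returns what it found. The message, the placeholder attachment contents and the extension lists are constructed assumptions that a practitioner would tune to their own environment.

```python
import email
import io
import os
import zipfile
from email import policy
from email.message import EmailMessage

# Assumed lists of attachment types that commonly carried ransomware
# downloaders in 2016-2017 spam; tune these to your environment.
SCRIPT_EXT = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".lnk", ".scr", ".exe"}
OFFICE_EXT = {".doc", ".docm", ".docx", ".xls", ".xlsm", ".rtf"}
ARCHIVE_EXT = {".zip"}


def _inspect_zip(name, data, findings):
    """Look inside a zip (a .zip lure or an OOXML document) for scripts or VBA."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            for member in z.namelist():
                ext = os.path.splitext(member)[1].lower()
                if ext in SCRIPT_EXT:
                    findings.append((f"{name}:{member}", "script inside archive"))
                # OOXML stores VBA in vbaProject.bin; its presence means macros.
                if member.lower().endswith("vbaproject.bin"):
                    findings.append((name, "office document with VBA macro"))
    except zipfile.BadZipFile:
        findings.append((name, "unreadable archive"))


def triage(raw):
    """Return (attachment, reason) tuples for suspicious attachments in a raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True) or b""
        ext = os.path.splitext(name)[1].lower()
        if ext in SCRIPT_EXT:
            findings.append((name, "script attachment"))
        elif ext in OFFICE_EXT:
            findings.append((name, "office document (inspect for macros)"))
        if (ext in ARCHIVE_EXT or ext in OFFICE_EXT) and zipfile.is_zipfile(io.BytesIO(data)):
            _inspect_zip(name, data, findings)
    return findings


def build_sample_eml(malicious=True):
    """Construct a sample message; the malicious one mimics a Locky-style invoice lure."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "victim@example.net"
    msg["Subject"] = "Invoice 4321"
    msg.set_content("Please find your invoice attached.")
    if malicious:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            # Harmless placeholder standing in for a JScript downloader.
            z.writestr("Invoice_4321.js", "// constructed placeholder, not a real downloader\n")
        msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                           filename="Invoice_4321.zip")
    else:
        msg.add_attachment(b"%PDF-1.4 constructed placeholder", maintype="application",
                           subtype="pdf", filename="Invoice_4321.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample_eml(malicious=True)))
    print(triage(build_sample_eml(malicious=False)))
```

Extension matching is only a first filter: the same logic should run on the decoded content (a `.doc` that is really an OLE file with macros, a double extension such as `invoice.pdf.js`), which is why the archive and OOXML contents are inspected rather than trusting the outer filename alone.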
3. Seamless TDS
Seamless is a Traffic Distribution System (TDS) that silently redirects the victim to a malicious web page, where an exploit kit attempts to infect the machine. A successful infection lets the attacker download additional malware onto the victim's machine, Check Point researchers said.
More specifically, the Seamless campaign, which has been active since February 2017 or earlier, has been delivering the Ramnit Trojan as its payload. In many cases the Ramnit payload is itself configured to download further malware onto the infected machine.
Despite its long life-span, this infamous worm continues to infect computers. It lets its operators remotely download and run malware on infected machines, which are controlled as part of a botnet.
5. Zeus Trojan
The Zeus Trojan is still being spread on a large scale via the RIG Exploit Kit. A newer variant, dubbed "Chthonic", first emerged a couple of years ago, when it targeted around 150 banks around the world, and that activity is still ongoing.
This well-known banking Trojan, designed to steal banking credentials, FTP passwords, session cookies and personal details, is still active in the wild.
7. Fireball
According to Check Point researchers, Fireball was developed by Rafotech, a Chinese digital marketing company.
It is designed to hijack the victim's browser, replacing the search engine with a fake one and setting its own homepage. Beyond this typical browser-hijacking behavior, Fireball can also download other malware, evade anti-malware detection and communicate with command-and-control infrastructure.
8. Pushdo Trojan
Pushdo is a Trojan that infects a system and then downloads the Cutwail spam module onto it. Cutwail can in turn be leveraged to download third-party malware.
9. Andromeda Botnet
Andromeda is a modular botnet that is often deployed as a backdoor to distribute additional malware. It can also be modified to build various other types of botnets.
Keep in mind that the malware listed above is currently active in the wild, so strong anti-malware protection on every system is needed to avoid infection.