Cryptojacking still huge, but in decline, says new report

Cryptojacking, the malware that hijacks your computer’s processing power to mine cryptocurrency in your browser, is still the most popular way for hackers to make people miserable online, according to new reports by cyber security company Check Point.

Check Point say the phenomenon, though still popular, is also rapidly in decline. In the first half of last year, 42% of organizations worldwide had been infected by crypto-miners at some point. For the same period this year, just 26%. 

“[Cryptojacking is] no longer a profitable income method for cybercriminals as the price of cryptocurrency hasn’t returned to previous all-time high levels,” Troy Mursch, chief research officer at Bad Packets, a cybersecurity company that specializes in tracking cryptojacking threats, tells Decrypt.

Check Point reckons the free fall was due to the shutdown of cryptojacking service Coinhive in February. Coinhive billed itself as a way for website owners to generate cash from visitors without shoving ads down their throats. But the service, which turned out to be wildly unprofitable for any serious company, was quickly abused by hackers, who exploited the plugin to turn unsuspecting users’ browsers into crypto-mining machines. 

Since Coinhive fell, hackers mostly get their fix from CryptoLoot, the most popular of several Coinhive imitations. In the first half of this year, CryptoLoot impacted 7.2% of the world’s organizations. 

But things haven’t been the same for crypto-jackers since Coinhive shut down. Check Point says July saw a major decrease in the use of the Cryptoloot crypto-mining malware, which fell to tenth in its top malware list, from third in June.

Cryptomining certainly hasn’t gone away for good; hackers are just changing their tactics, says Maya Horowitz, director of threat intelligence and research at Check Point. Instead of focusing on low-hanging fruit such as

 consumer and business computers, Horowitz says hackers are using crypto-mining malware like XMRig and Jsecoin to target enterprise and cloud computing resources. 

“This is probably because they’re designed for ease of use and easy embedding into websites and other computing resources,” Horowitz tells Decrypt. So easy, in fact, that in the first half of this year, they’ve impacted 6.3% and 6.2% of organizations worldwide. 

Attacking enterprise and cloud systems is also far more lucrative. Last February, a hacker planted XMRig miners on the global Jenkins open source automation servers, earning an estimated $3 million in Monero before their scam was compromised. 

Yet Mursch, the cryptojacking expert, doesn’t think this points to a resurgence of cryptojacking. “It’s more likely miscreants are looking for the last penny to scrape,” he tells Decrypt.

Check Point’s Horowitz says we should watch out for this year’s batch of malware. ‘DarkGate’ malware, for instance, can steal credentials and passwords, perform file encryption and remote-access takeovers. 

“Hackers are always looking for new, more flexible tools to help them get cash fast,” says Horowitz. 

However hackers get their fix, there’s still a lot of money to be made as a black hatter. On May 31st, the administrators of the GandCrab ransomware allegedly retired on $2 billion in earnings. “We are a living proof that you can do evil and get off scot-free,” they wrote in a farewell post.