SINGAPORE (Sept 26): Cryptomining malware is a rising factor on the cyber threat landscape, continuing its uptrend throughout the first half of 2018 since McAfee Labs first identified a surge in cryptomining malware growth in 4Q17.

Based on the cybersecurity company’s latest report, McAfee Labs Threats Report: September 2018, new cryptomining malware samples grew 629% to more than 2.9 million samples in 1Q18 from 400,000 in 4Q17.

More recently, the trend continued in 2Q as total samples grew by 86% with more than 2.5 million new samples, including what appears to be older malware, such as ransomware, newly retooled with mining capabilities.

In a Wednesday report, McAfee notes that in some cases, specific groups such as gamers have been targeted as opposed to a broad field of potential victims. The threats were found not to be limited to PCs, but to extend to other devices including Android phones in China and Korea, although to a lesser extent.

Notably, new malware samples specifically designed to exploit software vulnerabilities have increased significantly by 151% in 2Q, with exploits from two high-profile threats – WannaCry and NotPetya – repurposed within new malware strains as well as newly-discovered vulnerability exploits similarly adapted to produce entirely new threats.

While McAfee Labs has also identified vulnerabilities in Microsoft Windows 10’s Cortana voice assistant, the McAfee Advanced Threat Research Team has discovered a new billing-fraud campaign of at least 15 apps on Google Play, orchestrated by the “AsiaHitGroup Gang” using fake-installer applications Sonvpay.A and Sonvpay.B.

New threats in 2Q showing notable technical developments include ransomware both new and established; mobile malware, particularly in South America; a new generation of JavaScript malware; LNK malware delivering malicious PowerShell scripts, among others; and spam botnets, with the Gamut spam botnet outpacing all others in 2Q18.

Christiaan Beek, lead scientist and senior principal engineer with McAfee Advanced Threat Research, attributes the recent surge in cryptomining malware activity to the tremendous volume of Internet-of-Things (IoT) devices online and their propensity for weak passwords, which make them a “very attractive platform” for cybercrime activity.

“If I were a cybercriminal who owns a botnet of 100,000 such IoT devices, it would cost me next to nothing financially to produce enough cryptocurrency to create a new, profitable revenue stream,” remarks Beek.

On the report’s findings for 2Q18, he comments: “It’s still surprising to see numerous vulnerabilities from as far back as 2014 used successfully to spearhead attacks, even when there have been patches available for months and years to deflect exploits. This is a discouraging testament to the fact that users and organisations still must do a better job of patching vulnerabilities when fixes become available.”