It should come as no surprise to anyone in the cybersecurity industry that cryptocurrency mining is increasing at an incredible rate, but the rate of increase might come as a surprise.
Malwarebytes' Cybercrime tactics and techniques: Q1 2018 report found that not only is cryptomining now the second most detected problem for consumers and business, but it is growing at an incredible rate. The report found a 27 percent increase in the amount of cryptomining malware detected in businesses during the first quarter.
The number of MacOS-based cryptominer detections spiked during this same time period, with 1,000 detections taking place just in March, but the operating system that was hit worst was Android. Malwarebytes reported a 4,000 percent increase in the amount of Android-based miners reported during the quarter, compared to the previous three-month period.
Despite these huge jumps, mining was not the company's top most detected malware category: For consumers, it was adware and for businesses, it was spyware.
The report highlighted how bad the mining problem is, particularly for consumers. Between January and March 2018, the number of detections per month hovered between 16 million and 20 million. This is down from a high of 25 million in October 2017. The business side of the problem is much less severe, with detections mostly staying in a range between 200,000 and 300,000 per month for the fourth quarter of 2017, but spiking to 550,000 in February and hitting 400,000 in March.
“Indeed, cryptocurrency mining is such a lucrative business that malware creators and distributors all over the world are drawn to it like moths to a flame. We've seen malicious cryptomining on a grand scale this quarter – on all platforms, devices, operating systems, and in all browsers. Macs and mobile devices are not exempt; criminals have even used the cryptocurrency craze for social engineering purposes,” the report said.
Ransomware hitting consumers endured a 35 percent falloff in detections, although on the business side ransomware continued to grow, with detections jumping 28 percent.
“Both Locky and Cerber, once rulers of the ransomware market, are effectively out of the game for the time being; the most interesting examples of active ransomware in Q1 came in the form of GandCrab, Scarabey, and Hermes,” the report noted.
Malwarebytes also pointed out a particular oddity with GandCrab, in that it asks for the ransom payment in the form of Dash digital currency and not Bitcoin. The speculation here is that the criminals want a currency with a lower transaction fee and more anonymity than the most well-known cryptocurrency.