Coinhive shut down on March 8, even as it remained the top malware for the 15th straight month in the Global Threat Index for February, Check Point Research, the threat intelligence arm of Check Point Software Technologies, said in a report.
According to the report, Check Point’s researchers have also discovered several widespread campaigns distributing the GandCrab ransomware that have targeted Japan, Germany, Canada and Australia, among others.
These operations have emerged over the last two months, and Check Point’s researchers noticed a new version of the ransomware being distributed in one of the latest campaigns.
The new version, GandCrab V5.2, includes most of the features from the previous one, but with a change in the encryption method that renders the decryption tool ineffective. In February, the most prevalent malware variants were cryptominers.
“As we saw in January, threat actors continue to exploit new ways to distribute malware, while creating new and more dangerous variants of existing malware forms. GandCrab’s new version proves once again that although there are seemingly static malware families that stay in the top malware list for several months, they are actually evolving and developing to evade detection. To effectively combat this, our researchers continuously trace them based on their malware family DNA – so it’s essential that organizations keep their security solutions fully updated,” Maya Horowitz, Threat Intelligence and Research Director at Check Point, said.
As per the report, Coinhive remains the top malware, impacting 10 per cent of organizations worldwide. This follows a downward trend in Coinhive’s global impact, from 18 per cent in October 2018 to 12 per cent in January 2019, with a further 2 per cent drop this month. This decrease has been caused by the rising cost of mining along with the decline in Monero’s value.
Cryptoloot rose to second place in February, replacing XMRig, and was followed by Emotet, an advanced, self-propagating and modular Trojan, which replaced Jsecoin in third place in the index.