Malwarebytes spotted an increase in Android crypto-miners of 4000% in the first three months of 2018, contributing to total consumer detections of around 16 million by March, with businesses seeing more modest infections.
The security vendor’s Cybercrime Tactics and Techniques report for Q1 2018 revealed a similar pattern to other analysis, with crypto-jacking increasingly favored by cyber-criminals instead of ransomware.
To that end, consumer-focused ransomware was down 35% from the previous quarter to sixth spot in terms of top threats.
Crypto-mining has also hit businesses hard, with a 27% increase over Q4 2017. Although a quarterly peak of 550,000 detections in February fell well below the kind of stats seen in the consumer space, crypto-mining on organizations can have a major impact on resources, slowing down business processes, impacting productivity, increasing energy costs and damaging compliance efforts.
Infections could also lead to more serious repercussions, including information theft, ransomware and system hijacking.
“From January 1 to June 24, 2017, our sensors detected 4,894 bitcoin miners that triggered over 460,259 bitcoin-mining activities, and found that more than 20% of these miners also triggered web and network-based attacks,” claimed Trend Micro.
Despite the increase in crypto-mining activity, the number one threat for consumers remained adware, whilst in the business sphere it was spyware — although both appear to be on the wane.
Malwarebytes also noted that online scammers are looking to jump on media coverage of failed Spectre and Meltdown patches to spread malware.
There have been sightings of phishing emails spoofed to come from trusted sources with links to ‘legitimate’ patches, which in reality led only to malware.
Coinbase-themed tech support scans were also increasingly seen targeting customers’ wallet credentials, using fake Twitter accounts and blackhat SEO to lure victims in.