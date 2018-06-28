Mobile emerges as malicious crypto mining soars

The number of internet users that have been attacked by malicious crypto currency mining software has increased from 1,9-million to 2,7-million in just one year.

Statistics for the last 24 months show that miners are increasingly focused on developing markets and are taking advantage of internet users in these regions to grow their revenues. This is one of the key findings in Kaspersky Lab’s annual ransomware and malicious crypto miners report, 2016-2018.

The report, which covers two similar periods (April to March 2016-2017 and April to March 2017-2018), shows that while ransomware can provide cybercriminals with potentially large but one-off rewards in a turbulent landscape, miners might make less money out of their victims, but through a more sustainable/ longer-term model. This is naturally gaining popularity among the cybercriminal community.

Kaspersky Lab experts have detected a significant change in the cyberthreat landscape: PC and mobile ransomware attacks on unique users dropped dramatically in 2017-2018 (by almost 30% and 22.5% respectively).

Cybercriminals are instead opting to make their money out of crypto currency miners – specialised “mining” software which creates a new currency unit (or coin) by using the computing power of the victim PC and mobile devices. Malicious miners do so at the expense of other users, capitalising on the power of their computers and devices without their knowledge.

According to the report, PC crypto miners are steadily growing. The total number of users who encountered this form of mining rose from 1 899 236 in 2016-2017, to 2 735 611 in 2017-2018.

Mobile crypto miners are also emerging as a threat, with unique attacks growing by 9.5%. Overall, this form of mining targeted almost 5,000 users in 2017-2018, compared to around 4,500 users in 2016-2017. Mobile users in China and India are particularly victimised by this threat.

“The reasons behind these changes in the cyberthreat landscape are clear. For cybercriminals, ransomware is a noisy and risky way of making money; it attracts media and state attention. The mining model however, is easier to activate and more stable – you attack your victims, discreetly build crypto currency using their CPU or GPU power, and then transfer that into real money through legal exchanges and transactions,” notes Anton Ivanov, security expert at Kaspersky Lab.

Other key findings from the report include:

* The total number of users who encountered ransomware fell by almost 30%, from 2 581 026 in 2016-2017 to 1 811 937 in 2017-2018;

* The proportion of users who encountered ransomware at least once out of the total number of users who encountered malware fell by around 1 percentage point, from 3,88% in 2016-2017 to 2,8% in 2017-2018;

* Among those who encountered ransomware, the proportion who encountered cryptors fell by around 3 percentage points, from 44,6% in 2016-2017 to 41,5% in 2017-2018;

* The number of users attacked with cryptors almost halved, from 1 152 299 in 2016-2017 to 751 606 in 2017-2018;

* The number of users attacked with mobile ransomware fell by 22,5% from 130 232 in 2016-2017 to 100 868 in 2017-2018;

* The total number of users who encountered miners rose by almost 44,5% from 1 899 236 in 2016-2017 to 2 735 611 in 2017-2018;

* The share of miners detected, from the overall number of threats detected, also grew from almost 3% in 2016-2017 to over 4% in 2017-2018;

* The share of miners detected, from overall risk tool detections, is also on the rise – from over 5% in 2016-2017 to almost 8% in 2017-2018; and

* The total number of users who encountered mobile miners also grew – but at a steadier pace, growing by 9,5% from 4 505 in 2016-2017 to 4 931 in 2017-2018.