How can something remain a threat for so long? In the case of cryptocurrency mining malware, the category is once again flagged as the dominant threat by Check Point, a leading cybersecurity company, whose latest Global Threat Index places Smoke Loader, a malware family first seen in 2011, among the top ten malware families of the month.
What’s the Deal with Smoke Loader?
Smoke Loader's primary role is as a second-stage downloader: once it is on a machine it fetches and installs other malware, such as the TrickBot and Panda Banker banking Trojans. At the same time, Check Point's researchers say that crypto-jacking and crypto-mining malware remain the largest problem the industry faces.
Following the release of the company’s most recent analysis report, Maya Horowitz – threat intelligence and research group manager at the firm – comments:
“December’s report saw Smoke Loader appearing in the top ten for the first time. Its sudden surge in prevalence reinforces the growing trend towards damaging, multi-purpose malware in the Global Threat Index, with the top ten divided equally between crypto miners and malware that uses multiple methods to distribute numerous threats.”
Other Generals in the Malware War
Among the other malware families singled out in the report is Coinhive, which should come as no surprise to anyone who has followed cryptocurrency news over the past three years. Coinhive is arguably the most widespread form of crypto-jacking: its JavaScript miner has been injected into a vast number of websites and has even been served to users of Google-owned sites through malicious advertisements. The script silently mines the privacy-focused cryptocurrency Monero with the visitor's CPU, driving up the victim's energy bill while the profits go to whoever planted it.
Other entries in the report include Jsecoin, a JavaScript miner that is embedded in web pages so that it runs directly in visitors' browsers, and Cryptoloot which, despite its name, does not steal anyone's coins: like Coinhive, it is a browser-based Monero miner that earns money from visitors' processing power. Cryptoloot is a direct competitor to Coinhive and ranked second in the November index.
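To make the in-browser miner model concrete, the following scanner (an added example, not code from the original article or from any of the services named) pulls the script tags out of a page's HTML and flags loaders fetched from the hosts these services used, plus the inline call that starts a miner with a site key. The host list and the regular expressions are modelled on the publicly documented Coinhive and Cryptoloot client libraries and are illustrative assumptions rather than an authoritative block list; the sample page at the bottom is constructed for the demonstration.

```python
"""Scan page HTML for in-browser cryptocurrency miner indicators.

Added example, not code from the original article. The host list and the
inline-call patterns are modelled on the publicly documented Coinhive and
Cryptoloot client libraries and are illustrative assumptions, not an
authoritative block list; the sample page at the bottom is constructed.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts that served the miner loaders named in the article (assumed/illustrative).
MINER_HOSTS = {
    "coinhive.com", "coin-hive.com", "authedmine.com",
    "crypto-loot.com",
    "jsecoin.com",
}

# Glue code that instantiates a miner with a site key, and raw Stratum pool URLs.
INLINE_PATTERNS = {
    "coinhive-constructor": re.compile(r"new\s+CoinHive\.(?:Anonymous|User)\s*\(", re.I),
    "cryptoloot-constructor": re.compile(r"new\s+CryptoLoot\.Anonymous\s*\(", re.I),
    "stratum-pool-url": re.compile(r"stratum\+(?:tcp|ssl)://", re.I),
}

# Low-confidence heuristic: CPU-heavy miners ship a WebAssembly hash routine and
# spread it across Web Workers. Legitimate apps can do the same, so this only flags.
WASM_WORKER = (re.compile(r"WebAssembly\.(?:instantiate|Module)", re.I),
               re.compile(r"new\s+Worker\s*\(", re.I))


class _ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies from HTML."""

    def __init__(self):
        super().__init__()
        self.srcs, self.inline = [], []
        self._in_script, self._buf = False, []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.srcs.append(src.strip())
        else:
            self._in_script, self._buf = True, []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            self.inline.append("".join(self._buf))
            self._in_script = False


def is_miner_host(host):
    """True if host is, or is a subdomain of, a known miner-serving host."""
    host = (host or "").lower()
    return any(host == h or host.endswith("." + h) for h in MINER_HOSTS)


def scan_html(html):
    """Return a list of (finding_kind, evidence) pairs; an empty list means nothing found."""
    parser = _ScriptCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for src in parser.srcs:
        # urlparse handles absolute and protocol-relative (//host/path) URLs alike.
        if is_miner_host(urlparse(src).hostname):
            findings.append(("miner-script-src", src))
    for body in parser.inline:
        for kind, pattern in INLINE_PATTERNS.items():
            match = pattern.search(body)
            if match:
                findings.append((kind, match.group(0)))
        if all(pattern.search(body) for pattern in WASM_WORKER):
            findings.append(("wasm-worker-heuristic", body[:60].strip()))
    return findings


# Constructed sample page: one injected loader, the start-up glue, one benign script.
SAMPLE_PAGE = """<html><head>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER', {throttle: 0.5});
  miner.start();
</script>
<script src="https://cdn.example.org/analytics.js"></script>
</head><body><p>hello</p></body></html>"""

if __name__ == "__main__":
    for kind, evidence in scan_html(SAMPLE_PAGE):
        print(f"{kind}: {evidence}")
```

A defensive companion to the scanner is a Content-Security-Policy whose script-src directive lists only the hosts a site legitimately loads script from: an injected script tag pointing at a miner host then fails to load even when the injection itself succeeds. The scanner remains useful for finding the injection in the first place, for example when run over a crawl of your own pages, and the WebAssembly/Worker heuristic is deliberately reported separately because it will also fire on legitimate compute-heavy web apps.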
The Battle Rages On
Emotet and Ramnit, both banking Trojans that have grown into large botnets, also earned top spots in the company's latest findings. Researchers note that malware is now as much a mobile problem as a desktop one, which creates new kinds of abuse that are harder to track.
Among the leading mobile threats are Triada, a modular Android backdoor that grants superuser privileges to the malware it downloads, and Guerrilla, an Android ad-clicker that quietly generates fraudulent ad revenue; both are spread through malicious advertisements. The third most common is Lotoor, a hacking tool that exploits vulnerabilities in the Android operating system to gain root privileges on the device.
Horowitz explains:
“The diversity of the malware in the Index means that it is critical that enterprises employ a multi-layered cybersecurity strategy that protects against both established malware families and new threats.”
Doesn’t This Look Familiar?
Crypto-jacking and mining malware are topics Blockonomi has been covering for several months. One of the more recent cases involves a miner hidden inside a Windows installer package. Detected as Coinminer by the cybersecurity firm Trend Micro, which discovered it, the malware mines Monero just as Coinhive does.
A report detailing the findings stated:
“The malware arrives on the victim’s machine as a Windows installer MSI file, which is notable because Windows Installer is a legitimate application used to install software. Using a real Windows component makes it look less suspicious and potentially allows it to bypass certain security filters.”
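The practical point of that quote is that the file extension and the installer wrapper prove nothing. The following triage script is an added example, not code from the Trend Micro report or the original article: it checks that a supposed .msi really carries the OLE compound-document header every Windows Installer package has, then scans the raw bytes for embedded PE executables and for strings typical of Monero miners. The indicator strings are generic, well-known miner artefacts and not a claim about the specific sample in the report, and the package it runs on at the bottom is constructed for the demonstration.

```python
"""Static triage of a Windows Installer (.msi) package for embedded miners.

Added example, not from the Trend Micro report or the original article. The
checks do not depend on the file extension: the file must carry the OLE2
compound-document signature every MSI package has, and its raw bytes are
scanned for embedded PE executables and for strings typical of Monero miners.
The indicator strings are generic miner artefacts, not a description of the
specific sample the report covers; the package built below is constructed.
"""
import struct

# Compound File Binary header shared by .msi (and legacy .doc/.xls) files.
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"

# Lower-case indicator strings commonly found in Monero mining payloads.
MINER_STRINGS = [b"stratum+tcp://", b"stratum+ssl://", b"xmrig",
                 b"--donate-level", b"cryptonight", b"randomx"]


def is_ole_compound(data: bytes) -> bool:
    """True if the blob starts with the OLE2 header that a real MSI must have."""
    return data[:8] == OLE_MAGIC


def find_embedded_pe(data: bytes):
    """Offsets of 'MZ' headers whose e_lfanew field points at a valid 'PE\\0\\0'.

    Checking e_lfanew filters out the random 'MZ' pairs that occur in any
    large binary; a hit means a whole executable is carried inside the package.
    """
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):                      # full DOS header present
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            pe = pos + e_lfanew
            if 0x40 <= e_lfanew < 0x10000 and data[pe:pe + 4] == b"PE\x00\x00":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits


def triage_msi(data: bytes) -> dict:
    """Summarise the static indicators; 'suspicious' is True if any payload sign is found."""
    lowered = data.lower()
    report = {
        "ole_header_ok": is_ole_compound(data),
        "embedded_pe_offsets": find_embedded_pe(data),
        "miner_strings": [s.decode() for s in MINER_STRINGS if s in lowered],
    }
    report["suspicious"] = bool(report["embedded_pe_offsets"] or report["miner_strings"])
    return report


def build_sample() -> bytes:
    """Constructed test artefact: OLE header, padding, a minimal fake PE stub, a pool URL."""
    stub = bytearray(b"MZ" + b"\x00" * 0x3E)            # 0x40-byte DOS header
    struct.pack_into("<I", stub, 0x3C, 0x40)             # e_lfanew -> right after the header
    stub += b"PE\x00\x00" + b"\x00" * 20                 # PE signature plus dummy bytes
    pool = b"stratum+tcp://pool.example.invalid:3333\x00"  # hypothetical pool address
    return OLE_MAGIC + b"\x00" * 504 + bytes(stub) + b"\x00" * 16 + pool


if __name__ == "__main__":
    for key, value in triage_msi(build_sample()).items():
        print(f"{key}: {value}")
```

On a real package the definitive checks still belong to Windows tooling: verify the Authenticode signature on the .msi (Get-AuthenticodeSignature in PowerShell), expect installers from legitimate vendors to be signed, and treat an unsigned installer that arrived by download or mail as untrusted no matter how legitimate the Windows Installer wrapper looks.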
In addition, several cases have been reported of North Korea allegedly planting crypto-jacking malware on computer systems in its neighbour to the south. According to the cybersecurity firms Group-IB and Recorded Future, the North Korean hacking group known as Lazarus has been responsible for approximately five separate crypto-jacking attempts in South Korea over the past 12 months alone.