According to a report published by Check Point experts, incidents of malicious mining using the XMRig malware are growing at a steady pace. The specialists reached this conclusion after analyzing the most common malicious programs used by cybercriminals in March this year.
The Rig EK exploit kit took second place among the tools favored by attackers for mining, followed by Cryptoloot. First place went to Coinhive, the well-known free script for mining digital currency, with which cybercriminals managed to infect 18% of organizations around the world.
There have also been more cases of mobile devices being used for malicious mining. Attackers pay special attention to XMRig because it is a rather advanced tool. Unlike other tools for mining digital currency, XMRig does not need an open browser session, since this malware is installed on the endpoint. Discovered in May of last year, XMRig is not inherently a malicious program; it was simply developed for mining the Monero cryptocurrency. Despite this, attackers found a use for the tool: according to Palo Alto Networks, XMRig managed to infect more than 15 million devices around the world.
Check Point experts believe that the increase in the number of attacks using XMRig means that cybercriminals are improving their methods of illegally mining digital currency. In March of this year, researchers noted a 70 percent increase in the number of computers infected with XMRig. Typically, the malware spreads through file-sharing platforms, such as Rapid Files, 4Sync and DropMeFiles.
All these platforms contain public download links. Analysis by Palo Alto Networks has shown that Adfly also plays an active role in the distribution of this miner.
Once installed on the device, XMRig uses proxy servers to mask its traffic and wallets. It also adds the compromised device to the Nicehash online marketplace. Nicehash allows users to sell the processing power of their devices for mining.