Cryptomining malware up, financial malware down in Q1 2021, Kaspersky finds

Bitcoin prices rocketed in early 2021, and so did the number of cybercriminals distributing malware that forces infected devices to mine cryptocurrency for them; the number of new miner variants Kaspersky detected quadrupled from February to March alone.


Kaspersky has published a pair of reports detailing the state of the cybersecurity threat landscape in the first quarter of 2021. The first, covering desktop attacks, found that cryptomining malware has exploded in popularity, while the second, covering mobile devices, revealed that a family of trojans targeting gamers has made the leap from PC to Android.


The price of Bitcoin began skyrocketing in late 2020 and hit a high of more than $63,000 on April 15, 2021. Between February and March 2021, while the price of a single bitcoin rose by more than $10,000, the number of new cryptominer modifications detected by Kaspersky made a similar jump, increasing fourfold over the same period.


“It’s too early to say for sure if the trend we’ve noted in Q1 2021 is here to stay. However, it does seem that the increase in the value of Bitcoin and other cryptocurrency has sparked a renewed interest in miners. If the crypto markets remain strong this year, it’s likely we’ll continue to see more instances of users encountering miners,” said Kaspersky security expert Evgeny Lopatin.

It remains to be seen whether Bitcoin’s sudden drop in value (its gains between February and April have largely been erased), along with rumored U.S. cryptocurrency regulation, a mining crackdown in China and Tesla’s dropping of Bitcoin as a way to buy a vehicle, will further deflate the price and push cybercriminals toward more profitable ventures.

The desktop report also finds that advanced persistent threat (APT) groups, typically state-backed hacking groups, are making extensive use of four Microsoft Exchange Server zero-day vulnerabilities. Kaspersky notes that the zero days have since been patched and advises any organization running an on-premises Exchange Server to update immediately: APTs are known to exploit these flaws to gain a foothold, launch further attacks and distribute malware from the compromised servers, so a patch alone does not clean up a server that was already breached, and such systems should also be checked for signs of prior compromise.

Interestingly enough, financial malware, which aims to steal money and banking credentials, has continued to decline over the course of 2021, extending a trend from 2020. This may be due in part to the international law enforcement takedown of the Emotet botnet, or it could indicate that cybercriminals are shifting their efforts toward more lucrative channels such as cryptomining.

Mobile security threats in Q1 2021

On the mobile side, financial malware also dipped in popularity, with the number of installers detected falling from 42,115 in Q1 2020 to 25,314 in Q1 2021. Far more interesting, however, is the leap of Trojan-GameThief malware from PCs to Android devices.

GameThief malware attempts to locate the account credentials for popular games, steal them and use the stolen accounts, including any saved billing information, to make in-game purchases.


While such malware has been common on Windows PCs for some time, this is the first time Kaspersky has noted it on Android. In particular, a malicious file was discovered that targets PlayerUnknown’s Battlegrounds (PUBG) for Android. Once installed, it checks whether the relevant PUBG packages are present, locates their configuration files and extracts them. The same sample also searches the device for Facebook, Twitter and Gmail credentials.

Staying safe

As a general rule, Kaspersky recommends taking these steps to protect both desktop and mobile devices from malware threats: 

  • Install a trusted security solution, no matter how secure you believe your device to be.
  • Many types of cryptomining malware sneak in through “riskware,” which Kaspersky describes as legitimate programs whose features or vulnerabilities give attackers a way in. Because such programs are not malicious in themselves, make sure your security software is configured to flag them as well.
  • Always keep software—both the system and apps—up to date.
  • Only install software from trusted sources, such as Google Play, the Apple App Store or the Microsoft Store.
