
The worst malware of November 2018, according to Check Point

Check Point cyber security experts compiled the top ten of the most dangerous malware in November 2018. The winner is the cryptominer Coinhive, followed by Cryptoloot and Andromeda

Check Point cyber security experts compiled the top ten of the most dangerous malware in November 2018. The winner is Coinhive, a cryptominer designed to perform online mining of the Monero cryptocurrency when a user visits a web page, without the user's knowledge or approval and without sharing the profits with the user. The implanted JavaScript consumes a large share of the end user's computational resources to mine coins and might crash the system. In second place there is Cryptoloot, another cryptominer, which uses the victim's CPU or GPU power and existing resources for cryptomining, adding transactions to the blockchain and releasing new currency. It is a competitor to Coinhive, trying to pull the rug out from under it by asking websites for a smaller percentage of revenue. Third place goes to Andromeda, a modular bot used mainly as a backdoor to deliver additional malware on infected hosts, but which can be modified to create various botnets.

From Roughted, a large-scale malvertising operation, to JSEcoin, a JavaScript miner that can be embedded in websites

In fourth position there is Roughted, a large-scale malvertising operation used to deliver various malicious websites and payloads such as scams, adware, exploit kits and ransomware. It can be used to attack any type of platform and operating system, and uses ad-blocker bypassing and fingerprinting to make sure it delivers the most relevant attack. Fifth place goes to Dorkbot, an IRC-based worm designed to allow remote code execution by its operator, as well as the download of additional malware to the infected system. JSEcoin is stable in sixth position. It is a JavaScript miner that can be embedded in websites; with JSEcoin, you can run the miner directly in your browser in exchange for an ad-free experience, in-game currency and other incentives.

Emotet, Conficker, XMRig and Nivdort: last but not least

In the last four places there are Emotet, Conficker, XMRig and Nivdort. The first is an advanced, self-propagating and modular Trojan. Once employed as a banking Trojan, it has recently been used as a distributor for other malware or malicious campaigns. It uses multiple methods for maintaining persistence, and evasion techniques to avoid detection. In addition, it can be spread through phishing spam emails containing malicious attachments or links. The second is a worm that allows remote operations and malware download. The infected machine is controlled by a botnet, which contacts its Command & Control server to receive instructions. The third is open-source CPU mining software used for mining the Monero cryptocurrency, first seen in the wild in May 2017. Finally, Nivdort is a multipurpose bot, also known as Bayrob, that is used to collect passwords, modify system settings and download additional malware. It is usually spread via spam emails with the recipient address encoded in the binary, thus making each file unique.

The Check Point post on the malicious top ten
