Cryptocurrency Mining Malware Tops Most Wanted Malware List

Check Point’s Most Wanted Malware report for December 2018 shows that cryptocurrency mining malware was the leading malware threat that month. The top four malware threats were all cryptocurrency miners.

Top spot goes to the Monero miner Coinhive, an online miner that uses the processing power of visitors’ computers whenever they visit a website on which the miner has been installed. Coinhive has topped the Most Wanted Malware list for the past 13 months, and it is estimated that the malware impacts 12% of businesses around the world. The cryptocurrency mining malware variants XMRig, Jsecoin and Cryptoloot take 2nd, 3rd, and 4th place respectively.

The move to cryptocurrency mining is understandable given the rise in value of cryptocurrencies in late 2017; however, even though the value of those cryptocurrencies has fallen, cryptocurrency mining malware still accounts for half of the top 10 malware threats.

The Emotet banking Trojan has risen to 5th place in the top 10 list. Emotet is spread through phishing emails containing malicious attachments and is a highly advanced banking Trojan capable of self-propagation. The modular malware is regularly updated and now serves as a downloader for other malware variants, including Ryuk ransomware.

6th place is claimed by Nivdort, a password stealer and malware downloader that is capable of modifying system settings. Nivdort is also primarily spread via spam email.

The IRC-based Dorkbot worm slips down to 7th place in December. Dorkbot allows attackers to remotely execute code on an infected device and the malware also serves as a downloader of other malware.

The Ramnit banking Trojan has risen to 8th position, and for the first time, Smokeloader has made the top 10 list. Smokeloader is a second-stage downloader for Windows that is used to download a variety of malware variants, including the AZORult information stealer and Trickbot.

Authedmine, another cryptocurrency mining malware variant, claims 10th spot. Authedmine is a variant of Coinhive.

“The diversity of the malware in the index means that it is critical that enterprises employ a multi-layered cybersecurity strategy that protects against both established malware families and brand new threats,” said Maya Horowitz, Check Point’s Threat Intelligence and Research Group Manager.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news