For its final Global Threat Index of 2017, Check Point observed Coinhive supplant Roughted, a large-scale malvertising campaign, as the most prevalent form of malware. This Monero-miner made waves
Check Point's researchers provide
two reasons for this upsurge in crypto-miners like Coinhive:
Ad-blocking software, stemming from users losing patience with excessive pop-up and banner advertisements, has been slashing many websites’ advertising revenue. Those websites are turning to crypto-miners as a new source of revenue – often without the knowledge or permission of the visitors to the website. Similarly, threat actors are turning to crypto-mining malware as a new way to make money – illegitimately gaining access to the users’ CPU power to mine for their own crypto currency – making it even likelier that we’ll see this trend gain steam over the coming months.
That would also explain why another crypto-miner called CryptoLoot came in at third place just behind the RIG exploit kit
Check Point's top 10 "most wanted" malware for December 2017.
had a great year in 2017. These tools affected more than half (55 percent) of organizations globally, claiming
1.65 million users as a victims in the first eight months of the year alone. Those hapless individuals subsequently saw as much as 65 percent of their CPU power consumed when they visited media streaming, file-sharing, and similar types of websites that decided to deploy crypto-mining scripts without users' permission or knowledge.