Android platforms are commonly characterized by the presence of Trojan-infected apps with built-in cryptocurrency mining code, which means that mobile users are highly susceptible to malicious cryptocurrency mining attacks. It is quite alarming to note that cyber criminals deliver malicious APKs through SMS spam and deploy cryptocurrency miners onto people’s mobile devices, with a modus operandi similar to that of Windows malware. In fact, attackers find it quite easy to add miners to apps that are already malicious. For example, cyber criminals could easily add miners to apps that were infected with the Loapi Trojan, an SMS Trojan that could deliver ads. Loapi put a high degree of strain on the processor, which caused the batteries to overheat and, in turn, shortened the lifespan of the Android devices.
Android miners as well as Mac miners often use official mining websites such as Minergate. While apps downloaded from trusted websites are expected to be safe, this may not always be the case. Nowadays, even trusted applications are getting hacked. A typical example is how cyber criminals hacked the MacUpdate website and delivered OSX.CreativeUpdate, a Mac cryptocurrency miner, to Mac systems.
As of now, the incidence of ransomware attacks is on the low side, a trend that we have been observing since the second half of 2017. Business ransomware has shown a sharp increase, as Q1 2018 witnessed the advent of new ransomware called Hermes, GandCrab, and Scarabey. Interestingly, Cerber and Locky, which used to dominate the ransomware scene some time back, now seem extinct.
Cyber criminals used two exploit kits, namely Grandsoft EK and RIG EK, to distribute GandCrab, which was first identified in January of this year. Recently, RIG has emerged as a remarkable exploit kit because it has diversified into numerous types of payloads. Grandsoft, on the other hand, was believed to have disappeared, but it created a stir when it was used to deliver GandCrab. Cyber criminals have also delivered GandCrab via EITest malware campaigns and Necurs email spam. Interestingly, GandCrab has been used to access Dash wallets rather than Bitcoin wallets, which are more widespread. This clearly indicates that cyber criminals are typically targeting cryptocurrencies that have lower transaction fees compared to Bitcoin.