It appears cryptojackers are singling out Apple devices for attacks that hijack users' iPhones, iPads, and macOS-powered computers. That is according to Check Point Software Technologies in its Global Threat Index for September 2018.
In its report, Check Point reveals an increase of up to 400% in the number of reported incidents of cryptojacking malware targeting iPhones. These attacks predominantly use the Coinhive mining malware, which also leads the malware ranking, a position it has held since December 2017.
It is interesting to note that the total value of cryptocurrency stolen from leading exchanges and trading platforms has soared to at least $927 million within the first nine months of 2018. That is a 250% increase from the level of cryptocurrency theft seen last year. The U.S. cybersecurity company CipherTrace tabled that report.
According to Check Point, it is believed that at least 19% of organizations around the world are affected by Coinhive. The researchers also noted a significant increase in Coinhive attacks on PCs and other devices using Apple's primary browser, Safari.
Coinhive is currently the most malicious online threat users face
There seems to be a consensus among cybersecurity firms and experts that the Coinhive mining service is the biggest online threat of modern times. That is attributed to the fact that the Coinhive code is often planted on hacked websites, which are then used as proxies to steal the processing power of the devices the site's visitors are using.
Coinhive relies on a small bit of computer code that has been designed to be installed on a website. Once it has infiltrated the user's device, the code can use some or all of the user's computing power via any browser that is visiting the given infected site. Coinhive hijacks the device's computing power to mine bits of the Monero cryptocurrency.
“Cryptomining continues to be the dominant threat facing organizations globally. What is most interesting is the four-fold increase in attacks against iPhones, and against devices using the Safari browser during the last two weeks of September,” notes Rick Rogers, the regional director for Africa at Check Point.
“These attacks against Apple devices are not using new functionality, so we are continuing to investigate the possible reasons behind this development.”
Increasing popularity of iPhones in the market
According to a market analysis report by the IDC, in Q2 of 2018 Apple ranked third among smartphone vendors by number of smartphones sold. It has a 12.1% market share, falling behind Huawei in second place with 15.8% of the market, while Samsung leads with 20.9%.
“In the meantime, attacks such as these serve as a reminder that mobile devices are an often-overlooked element of an organization’s attack surface, so it’s critical that these devices are protected with a comprehensive threat prevention solution, to stop them being the weak point in corporate security defenses.”
Is Coinhive a malware or revenue-making alternative for websites?
Coinhive started out somewhat in good faith. It is no secret that most websites are struggling to 'keep the lights on' with advertisements alone, so Coinhive has all along served as an alternative revenue path.
As it works out, visitors to a given website trade some of their CPU power for the content they are getting from that site. The malware angle of Coinhive comes about when the site (whether compromised by hackers or designed that way by webmasters) installs the Coinhive code onto visitors' devices without their explicit knowledge and/or authorization.
Coinhive code comes with the option of alerting a site's visitors to its presence, but if the webmaster (or the hackers) does not want it known, they will disable that feature and instead stealthily install the code on the devices being used to visit the site.
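As an added example (not code from Check Point or from the original article), the script below shows how a defender could statically audit a page's HTML for the embedded Coinhive code described above, separating the variant that asks visitors first from the silent one. The hostnames and constructor names are those of the public Coinhive service rather than details given in the article, and the sample pages are constructed.

```javascript
// Added example (not from the article): static audit of page HTML for Coinhive includes.
// Hostnames and constructor names are those of the public Coinhive service.
const SILENT_HOSTS = ["coinhive.com"];    // library with no enforced consent prompt
const OPT_IN_HOSTS = ["authedmine.com"];  // variant that asks the visitor first

function hostMatches(host, domains) {
  return domains.some((d) => host === d || host.endsWith("." + d));
}

function auditHtmlForMiner(html, pageUrl) {
  const findings = [];
  const scriptTag = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = scriptTag.exec(html)) !== null) {
    const [, attrs, body] = m;
    const src = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(attrs);
    if (src) {
      let host = "";
      try {
        host = new URL(src[1], pageUrl).hostname.toLowerCase();
      } catch (e) {
        host = ""; // unparsable URL: nothing to match on
      }
      if (hostMatches(host, OPT_IN_HOSTS)) findings.push({ kind: "opt-in-script", detail: src[1] });
      else if (hostMatches(host, SILENT_HOSTS)) findings.push({ kind: "silent-script", detail: src[1] });
    }
    // Inline start-up code also catches self-hosted or proxied copies of the library.
    const ctor = /\bnew\s+CoinHive\.(Anonymous|User|Token)\s*\(/.exec(body);
    if (ctor) findings.push({ kind: "miner-instantiated", detail: ctor[0] });
  }
  return findings;
}

function classify(findings) {
  const kinds = new Set(findings.map((f) => f.kind));
  if (kinds.has("silent-script")) return "silent";
  if (kinds.has("opt-in-script")) return "opt-in";
  if (kinds.has("miner-instantiated")) return "review";
  return "clean";
}

// Constructed sample pages (not captured from any real site).
const SAMPLES = {
  compromised: '<script src="https://coinhive.com/lib/coinhive.min.js"></script>' +
    '<script>var m = new CoinHive.Anonymous("SITE_KEY_PLACEHOLDER");</script>',
  optIn: '<script src="//authedmine.com/lib/authedmine.min.js"></script>',
  selfHosted: '<script src="/js/lib.js"></script><script>new CoinHive.User("K", "u");</script>',
  clean: '<script src="https://notcoinhive.com/app.js"></script>',
};
for (const [name, html] of Object.entries(SAMPLES)) {
  console.log(name, classify(auditHtmlForMiner(html, "https://example.test/")));
}
```

A "review" verdict means a miner is started from inline code without a known host, as with a self-hosted copy of the library.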
Coinhive throttles your device’s performance
People whose devices have been affected often notice the device's CPU clocking at a faster rate, higher than the kind and number of apps they are running would warrant. If it is a mobile device, you will note that it runs out of battery faster. If it is a computer, you will also hear the fan making more noise than necessary, since it is trying to cool the higher-clocking CPU and even the graphics chip.
All this leads to a poorly performing device, as Coinhive throttles the hardware resources on board. In a nutshell, your device seems to be running slowly, as if overwhelmed by the few applications you are running, while in reality a big chunk of the device's hardware resources has been hijacked and is being used to mine Monero without your knowledge or authorization.
iPhones are the best targets due to their superior processing power compared to Android
“I would imagine they are targeting iPhone because, as much as the Android zealots don’t want to admit it, iPhones are very powerful devices in terms of their processing capabilities. They have strong processors and lots of functional memory (RAM), and in the mining game, it’s all about crunching the numbers (doing processor-intensive calculations),” said Petri Redelinghuys, a trader and founder of Herenya Capital Advisors.
“It makes sense to target iPhones also because there are fewer variations of them compared to all the different Android-based phones out there. I would guess so that hackers have a smaller set of variables to account for and can more reliably gain access to processing power without impacting the users’ experience with the phone too much.”
Coinhive the biggest threat in Kenya, Nigeria, and South Africa
As far as the proliferation of Coinhive malware across Africa is concerned, Check Point's Threat Index report for Kenya and Nigeria puts it as the leading malware threat. In South Africa, it comes in at second place to Dorkbot.
The report further identifies Andromeda as the second biggest malware threat in both Kenya and Nigeria, while it comes in third in South Africa. For Kenya and Nigeria, Dorkbot takes third place in the ranking. Note that these rankings are for September 2018 alone.