The data and analysis laid out in Malwarebytes Labs’ “Cybercrime Tactics and Techniques: Q2 2018” report shows that while cryptojacking remains popular, decreases in detections of the activity across the board suggest that the trend may be beginning to decline:
“We are not certain which [cybercrime] threat is going to take over as the top detection next quarter, but it’s unlikely to be cryptominers.”
The report proposes that the activity is receding from the cyberthreat landscape due to criminals’ disappointing revenue returns, adding that it expects cryptojacking to “stabilize” in correlation with market trends in cryptocurrency.
The recent decline is predominantly among consumer targets, with Windows cryptomining malware detections dropping in Q2, despite “rating highly on overall detections for the quarter.”
According to the report, after a massive spike at the end of Q1 2018, malicious Android cryptominers have also seen an abrupt decline, with a 16 percent drop in mobile miners from April to May. Despite this dip, there were still 244% more malware miner detections in Q2 than in Q1, and the report suggests the Android landscape in particular could potentially see a future increase.
The report claims that enterprises at present remain more vulnerable to cryptojacking. Data for cryptojacking targeting businesses has fluctuated “every month since the crypto craze began,” with each 2018 quarter showing “some form of spike in detections, the first being in January and the second in May.”
The report notes that cryptojacking strategies are nonetheless diversifying. While Coinhive-related activity continues to be detected at high volumes, other in-browser programs such as ‘Cryptoloot’ are becoming more popular, and attackers are increasingly “leveraging open source web mining code and adapting it to their needs.”
Malwarebytes Labs’ suggestion that cryptojacking was at its highest in Q1 2018 is echoed by a recent report published by McAfee Labs, which showed a staggering 629 percent rise in the activity in Q1 2018 over the preceding quarter. McAfee focused specifically on so-called coin miner malware, which works by using the Coinhive code.