Crypto-mining malware attacks on iPhones intensify

Source: Vsoftsystems, 09/11/2018


There was a four-fold increase in attacks against iPhones and devices
using Safari during the last two weeks of September, says Check Point.
Apple iPhones are under attack from crypto-mining malware.
This is according to Israel-based cyber security firm Check Point
Software Technologies in its Global Threat Index for September 2018,
which reveals a near-400% increase in crypto-mining malware attacks on
Apple iPhones.
Check Point says these attacks use the Coinhive mining malware, which
continues to occupy the top position in the index that it has held
since December 2017.
This comes as the theft of crypto-currencies through hacking of exchanges
and trading platforms soared to $927 million in the first nine months
of the year, up nearly 250% from the level seen in 2017, according to
a report released last week by US-based cyber security firm CipherTrace.
Check Point says Coinhive now impacts 19% of organisations worldwide.
Its researchers also observed a significant increase in Coinhive
attacks against PCs and devices using the Safari browser, which is the
primary browser used by Apple devices.

Malicious threat

Crypto-currency mining service Coinhive has been identified by several
cyber security firms as the top malicious threat to Web users, due to
the tendency for Coinhive's computer code to be used on hacked Web
sites to steal the processing power of its visitors' devices.
It relies on a small chunk of computer code designed to be installed
on Web sites. The code uses some or all of the computing power of any
browser that visits the site in question, enlisting the machine in a
bid to mine bits of the Monero crypto-currency.
"Crypto-mining continues to be the dominant threat facing
organisations globally," says Rick Rogers, regional director for
Africa at Check Point.
"What is most interesting is the four-fold increase in attacks against
iPhones, and against devices using the Safari browser during the last
two weeks of September. These attacks against Apple devices are not
using new functionality, so we are continuing to investigate the
possible reasons behind this development."
According to market analyst firm IDC, in Q2 2018, Apple was the third
biggest smartphone vendor with a 12.1% market share, behind Samsung
(20.9%) and Huawei (15.8%).
"In the meantime, attacks such as these serve as a reminder that
mobile devices are an often-overlooked element of an organisation's
attack surface, so it's critical that these devices are protected with
a comprehensive threat prevention solution, to stop them being the
weak point in corporate security defences," says Rogers.
Jon Tullett, research manager for IT services, Sub-Saharan Africa at
IDC, says iPhones are vulnerable to attack, as is any device and
software platform.
He notes ITWeb hosted security expert, Charlie Miller, at Security
Summit 2014, for example; Miller won the Pwn2own competition with an
iPhone root exploit about a decade ago.
Anyway, says Tullett, Coinhive is not mobile malware, nor is it
attacking iPhones. "It's running code on the mobile phone's browser,
not natively on the phone itself. As such, it is platform-agnostic;
iPhones are affected, as are many other browsers, mobile or not.
"Coinhive operators and cyber criminals target anyone they can reach,
and a platform-neutral vector will obviously give them the best mileage."
He points out that Coinhive's definition as malware is debatable.
"It's pitched as a revenue alternative to Web advertising, allowing
users to trade CPU cycles for content. The malware part generally
comes up because it's frequently not disclosed to unwitting users, and
people don't like that.
"The platform has an option to alert users about its presence, but
realistically no one uses it and it's likely just there to mollify
people who complain. Also, it doesn't play nice; throttling
performance to do its job but not impacting performance/battery life
would probably have been a more acceptable compromise."

Processing power

Petri Redelinghuys, a trader and founder of Herenya Capital Advisors,
is of the view that cyber criminals are targeting iPhones because of
their strong processing capabilities.
"I would imagine they are targeting iPhones because, as much as the
Android zealots don't want to admit it, iPhones are very powerful
devices in terms of their processing capabilities. They have strong
processors and lots of functional memory (RAM) and in the mining game,
it's all about crunching the numbers (doing processor-intensive
calculations).
"It makes sense to target iPhones also because there are fewer
variations of them compared to all the different Android-based phones
out there. I would guess so that hackers have a smaller set of
variables to account for and can more reliably gain access to
processing power without impacting the user's experience with the
phone too much," Redelinghuys says.
Coinhive was also dominant across Africa in September, occupying the
number one spot on Check Point's Threat Index in both Kenya and
Nigeria. It was the second most common malware in SA, second only to
Dorkbot.
According to Check Point, widespread instances of Andromeda attacks
were reported across Africa last month. The modular bot, which is used
for malicious activity, ranked second on the Threat Index in both
Kenya and Nigeria, and third in SA. Ranking third in Kenya and Nigeria
was Dorkbot.
It notes the Cryptoloot mining malware climbed to third place in the
Threat Index, becoming the second most prevalent crypto-miner in the
index. Cryptoloot aims to compete with Coinhive by asking a smaller
revenue percentage from Web sites than Coinhive.
Concluding, Tullett says: "If you view Coinbase as malware, block it.
Ad-blockers will catch it, for example. In time, browsers will be
updated to enforce performance thresholds, which will alleviate the
impact, so watch for those updates.
"Alternatively, if you are happy to solve crypto-hashes to pay for
content, you can leave it alone. It's not fundamentally a bad idea,
but Coinbase managed to make it look as shady as possible, which may
well poison the well for anyone with better intentions."

