AhnLab, Inc., a leader in cyber threat analysis, released an analysis of cryptocurrency malware, also known as CoinMiner, highlighting the major trends during the first half of 2019.
According to AhnLab’s analysis, the total number of CoinMiner has decreased compared with last year. Nonetheless, CoinMiner has expanded its targets to smartphone and enterprise end-users.
During the first half of 2019, AhnLab collected a total of 1.22 million CoinMiner samples, including variants of existing ones. Compared with the 1.87 million found during the previous year, this was a 35% decrease. Along with the decrease in new malware samples, the number of infections also decreased by 90%.
AhnLab concluded that private organizations, such as security companies and public institutions, lowered the chance of infection by promptly responding to new CoinMiner. A decrease in the overall profitability of CoinMiner may also have played a role, despite the steady rise of cryptocurrency value.
While there was a decrease in the number of samples and infections, CoinMiner extended its targets from PCs to smartphones (Android OS) and enterprise servers.
To target smartphone users, CoinMiner was disguised as a popular mobile game and a virtual currency wallet. For enterprise targets, CoinMiner was installed on high-performance server equipment by exploiting server vulnerabilities. In addition to the traditional distribution method via email, CoinMiner also utilized the “drive-by mining” technique to hack vulnerable websites and distribute malware to website visitors.
To prevent damage from CoinMiner attacks, it is necessary to implement security measures by avoiding the installation of programs and applications from unknown sources. It is also important to update and apply security patches for operating systems (OS), Internet browsers (IE, Chrome, Firefox), and Office software. To avoid websites suspected of being malicious, keep antivirus software (PC, mobile) up to date and conduct periodic malware scans.
“During the first half of this year, the amount of CoinMiner has significantly decreased, but it may rise again unexpectedly due to various factors, such as the rise of cryptocurrency value. Thereby, we need to be more alert as CoinMiner is distributed across various devices and extends its target to enterprise users,” said Chang-kyu Han, Director of the AhnLab Security Emergency Response Center (ASEC).