“Crypto-mining continues to be the dominant threat facing organizations across the world. The attacks on Apple devices are not using any new functionalities. The reason behind the increase is not yet known, but serves to remind us that mobile devices are an often-overlooked element of an organization’s attack surface. It’s critical that mobile devices are protected with a comprehensive threat prevention solution, to stop them being the weak point in corporate security defenses.”
It is understood that all attacks against iOS and Safari devices use the JavaScript mining program — Coinhive, which can be easily integrated into any web application to steal the processing power when the program is opened.
Attackers use the Coinhive mining program to secretly mine Monero. Unlike Bitcoin, the Monroe blockchain provides almost untrackable transactions; this feature makes it quite attractive to most scammers.
Although Coinhive-based attacks are not designed to steal data and infect other victims, they can lock and serve the devices they attack. This is a challenging problem for users who don’t have enough cybersecurity expertise.
Check Point pointed out in the report that the reasons behind the growth are still unclear, but this reminds people that mobile devices are often overlooked elements of an organisation’s attack interface. Crucially, mobile devices need to be protected against comprehensive threat prevention solutions, so they don’t become a weak link in corporate security defences.
At the moment, Coinhive-based cryptocurrency mining attacks affect nearly 19% of the world’s organisations. At the same time, other encryption mining programs like Cryptoloot, XMRig, Jsecoin and others have appeared on Check Point’s top ten threat index list.