Cyber Threat: A New Malware is Gradually Increasing in Africa

A new cyber threat on the block that is more slippery than anything we have observed before  has emerged and that's why it's currently the malware of choice for hackers all over the African continent.

Even though cryptocurrency-mining malware is comparatively fresh on the cybercrime landscape, it’s still the giant malware in the major markets in the whole of Africa for some months.

In the month of April 2018, Check Point's Global Threat Index indicated that Coinhive, XMRig (open-source CPU mining software used for mining Monero cryptocurrency) and Cryptoloot were among the top six malware throughout Kenya, Nigeria and South Africa and Coinhive was ranked as the number one malware family in these three respective countries in May.

Unlike other malwares, these three are prolific cryptocurrency-mining malware since they hijack a system instead of holding it to ransom. Coinhive sucks a machine's computational resources to carry out Monero cryptocurrency mining operation normally when an unaware user visits a web page. Cryptoloot uses the central processing unit (CPU) power in order to add new transactions to blockchain hence distributing a new currency.

Mining operations takes large volumes of power that increases electricity bills, and overloads the CPU of the infected machines that greatly slows down hardware performance dramatically and also goes on to lower systems' serviceability. Machines gradually slow down and heat up which causes a great reduction in user productivity.

The worst part about cryptocurrency-mining malware is that cryptominers don't need your permission to carry out an operation in attempt of making profits, all they need is your browser to be up and running. Hackers can manage infecting your company's web servers thereby embedding the mining javascript in your sites' HTML pages. The malware usually succeeds due to poor server patching.

Check Point's researchers revealed that an astonishing 46% of the world's organisations have been highly targeted because of their Microsoft Windows Server 2003 vulnerability and  40% are attacked due to Oracle Weblogic vulnerability. Both of these patches have been available to the public for at least half a year.

Since cryptocurrency miners can infect any type of device such as browsers, desktops, mobile phones and servers,  the best way to protect against the exploitation of servers is to use a multi-layered security approach by filtering out mining components within websites and removing miners from mobile devices.