Crypto-mining malware attacks against iPhones went up 400% in the last two weeks of September, security firm Check Point notes in a new report.

Crypto-mining attacks have intensified over the past couple of years, fueled by a massive surge in the price of crypto-currencies. Threats range from botnets to fileless malware and malicious programs that abuse NSA-linked exploits for propagation. Industrial systems are frequently hit as well.

Mobile users are being targeted as well, either with Trojans that can steal crypto-currencies or with various types of miners.

While most of these attacks target Android, iPhone users weren’t spared either, as Check Point reveals. Amid a four-fold increase in crypto-mining malware assaults on iPhones, attacks on Safari users also intensified, the security firm reveals.

The attacks used the Coinhive mining malware, which emerged as the leading threat in December 2017 and has remained the top malware ever since. At the moment, Coinhive impacts 19% of organizations worldwide.

“Crypto-mining continues to be the dominant threat facing organizations across the world. The attacks on Apple devices are not using any new functionalities. The reason behind the increase is not yet known, but serves to remind us that mobile devices are an often-overlooked element of an organization’s attack surface,” Check Point says.

While the Coinhive mining code was at the top of the most active malware list, it wasn’t the only crypto-currency related malware there. Cryptoloot (Coinhive competitor), with Jsecoin (JavaScript miner), and XMRig (open-source CPU mining software) are also present on the list, on the third, fifth and eighth position, respectively.

Other malware families present on the list are Dorkbot, a worm that supports remote code execution, the Andromeda bot, Roughted malvertising campaign, Ramnit banking Trojan, Conficker worm, and the Emotet Trojan.

The top 3 most exploited vulnerabilities in September, were in Microsoft IIS WebDAV, OpenSSL, and PHPMyAdmin.

“CVE-2017-7269 is the most popular exploited vulnerability for the 7th consecutive with global impact of 48% of organizations. In second place [is] CVE-2016-6309 with a global impact of 43%, closely followed by Web servers PHPMyAdmin Misconfiguration Code Injection impacting 42% of organizations,” Check Point notes.

Related: Avoid Becoming a Crypto-Mining Bot: Where to Look for Mining Malware and How to Respond

Related: Crypto-Miners Slip Into Google Play

Tags: