Cryptojacking attacks against iPhone devices increase

Share this…

Cryptocurrency mining attacks on Apple devices have increased almost 400% in the last month

During the last two weeks of September cryptojacking attacks against iPhone and others devices using the Safari browser increased four times the previous average.

A cybersecurity and digital forensics firm has begun to investigate the reasons behind this significant increase in attacks with cryptocurrency mining software, reporting that, during September this year, the most common malware were the crypto miners, being CoinHive the most used in its kind, just like last year.

While Coinhive currently affects 19% of organizations worldwide, researchers also reported that the Dorkbot Trojan remained in second place with a 7% global impact. The report also noted a significant increase in Coinhive attacks against PCs. Also, the attackers used the Coinhive mining malware to target iPhone devices, which coincided with an increase in attacks against users of the Safari browser, used on Apple gadgets.

Behind CoinHive and Dorkbot, in the third place in the attack index is Cryptoloot. The operators of both tools request to the sites where they operate a portion of the profits generated by the cryptojacking; Cryptoloot demands a smaller percentage than CoinHive.

“Cryptocurrency mining continues to be a major threat to global organizations”, said Maya Horowitz, a digital forensics specialist in charge of the investigation, in a press release. “The most interesting thing we’ve noticed is the increase in attacks against iPhone devices and other gadgets that use the Safari browser over the last month. These attacks on Apple devices do not use new features, so we continue to investigate the possible reasons behind this behavior”.

“As the investigators publish their conclusions, these kinds of attacks are a reminder that mobile devices are an element that is often overlooked on the attack surface of an organization, so it is essential that these devices are protected with a comprehensive threat-prevention solution to prevent them from being a weak link in the organizational structure”.

According to reports of specialists in digital forensics from the International Institute of Cyber Security, the vulnerability known as Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow (CVE-2017-7269) has been the most exploited flaw against organizations around the world, with 48% of the attacks on companies in total during the first eight months of 2018.