Report Shows Cryptojacking Is Prime Example of Shift Towards Discreet Cyberattacks

A recent report shows that cryptojacking is a prime example of cybercriminals’ shift to “low and slow” attack approaches.

Cybercriminals are reportedly favoring unhurried approaches in attacks made for financial gains, with cryptojacking as a prime example of this shift. IT news website ComputerWorld reported on this development on March 14.

Data released by cybersecurity company Darktrace reveals that cryptojacking attempts increased by 78 percent in 2018, and, according to ComputerWorld, the company also said that this trend continued in 2019.

The ComputerWorld article cites Max Heinemeyer, director of threat hunting at Darktrace, commenting on the findings. He reportedly said that since many ransomware victims may be unable to pay a ransom in Bitcoin (BTC) due to technical ineptitude, cryptojacking might be a better approach.

He added that “it [cryptojacking] is low and slow and guarantees a profit,” while ransomware does not. ComputerWorld also quotes Heinemeyer as stating that the barriers to entry to creating cryptojacking malware are low.

Heinemeyer also said that other methods, such as stealing credit card credentials, are cumbersome since criminals need to establish money laundering networks in order to avoid law enforcement. Lastly, he also noted:

“We’ve seen so many different variants of how these pieces of malware are spreading or being loaded.”

Per the report, he cited a company based in the United Kingdom that saw over 400 devices very quickly infected by cryptojacking malware after an initial infection via a phishing email. Also, according to Heinemeyer, in a creative cryptojacking move, one system admin installed a mining device underneath the floorboards of the data center where he worked at a major European bank.

The article also suggests that such attacks mine the Monero (XMR) blockchain, since unlike Bitcoin, it is more suitable for mining on non-specialized, even consumer-grade, hardware. However, Cointelegraph recently wrote that a Monero upgrade has made the coin more resistant to ASIC mining.

As Cointelegraph has reported, of about 400 servers running virtualization software Docker that were found to be vulnerable to outside exploitation, most were seemingly running Monero mining software.

Also, United States-based software corporation Microsoft has removed eight Windows 10 applications from its official app store after cybersecurity firm Symantec identified the presence of surreptitious Monero coin mining code in February.

Majority of 400 Vulnerable Docker Servers Found to Be Mining Monero, Research Shows

Hundreds of vulnerable servers running Docker were seemingly running Monero mining software.

About 400 servers running virtualization software Docker were found to be vulnerable to outside exploitation. Most of them were seemingly running Monero (XMR) mining software, cybersecurity company Imperva reports on March 4.

A misconfiguration of the vulnerable Docker hosts permits public access to the Docker API, which should only be locally accessible. This misconfiguration, combined with a newly discovered vulnerability, allows attackers to obtain administrator rights on the server and install software of their choice.

Since a hacker could install any software this way, the vulnerability doesn’t only permit cryptojacking, but also the installation of any other malware or use of the hosts to carry out any kind of attacks. Researchers at Imperva claim to have found 3,822 misconfigured hosts (with the API exposed), of which about 400 were actually accessible. The report notes:

“We found that most of the [400] exposed Docker remote API IPs are running a cryptocurrency miner for a currency called Monero.”

Lastly, the data on the server is also accessible to the hacker, including the database and some unencrypted credentials, including passwords, Imperva notes.
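The misconfiguration described above can be checked from the defender's side by looking at where the Docker daemon is told to listen. The following is an added example, not code from Imperva or Docker: it reads the `hosts` and `tlsverify` settings from a `daemon.json` and the `-H`/`--host` and `--tlsverify` flags from a `dockerd` command line, and flags any TCP listener that is not bound to loopback and has no client-certificate verification. The sample configurations and the severity labels are constructed for illustration.

```python
import ipaddress
import json
from urllib.parse import urlsplit


def is_loopback(hostname):
    """True if the listener address is only reachable from the host itself."""
    if hostname == "localhost":
        return True
    try:
        return ipaddress.ip_address(hostname).is_loopback
    except ValueError:
        # Any other DNS name: assume it may resolve to a routable address.
        return False


def collect_settings(daemon_json_text, argv):
    """Merge listener settings from daemon.json text and a dockerd argv list."""
    cfg = json.loads(daemon_json_text) if daemon_json_text.strip() else {}
    hosts = list(cfg.get("hosts", []))
    tlsverify = bool(cfg.get("tlsverify", False))
    args = iter(argv)
    for arg in args:
        if arg in ("-H", "--host"):
            hosts.append(next(args, ""))
        elif arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg in ("--tlsverify", "--tlsverify=true"):
            tlsverify = True
    return hosts, tlsverify


def classify(host, tlsverify):
    """Label one listener: local, remote-mtls, EXPOSED, or review."""
    url = urlsplit(host)
    if url.scheme in ("unix", "fd"):
        return "local"          # socket file or systemd socket activation
    if url.scheme != "tcp" or not url.hostname:
        return "review"         # unknown form or no explicit bind address
    if is_loopback(url.hostname):
        return "local"
    # Routable TCP listener: only acceptable with client certificates.
    return "remote-mtls" if tlsverify else "EXPOSED"


def audit(daemon_json_text, argv):
    hosts, tlsverify = collect_settings(daemon_json_text, argv)
    return [(h, classify(h, tlsverify)) for h in hosts]


# Constructed sample inputs: the weak setting beside the corrected one.
WEAK_DAEMON_JSON = """
{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}
"""
HARDENED_DAEMON_JSON = """
{"hosts": ["unix:///var/run/docker.sock", "tcp://127.0.0.1:2375"]}
"""

if __name__ == "__main__":
    for label, text in (("weak", WEAK_DAEMON_JSON),
                        ("hardened", HARDENED_DAEMON_JSON)):
        for host, verdict in audit(text, ["dockerd"]):
            print(f"{label:9} {host:32} {verdict}")
```

Any listener reported as `EXPOSED` accepts API requests from the network without authenticating the caller, which is the condition the article describes.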

As Cointelegraph reported in mid-February, United States-based software corporation Microsoft has removed eight Windows 10 applications from its official app store after cybersecurity firm Symantec identified the presence of surreptitious Monero mining code.

Also in February, Cointelegraph wrote that cryptocurrency mining malware continues to target major corporations, hijacking victims to mine altcoin Monero.

While cryptojacking is seemingly widely used as a way to earn money among cybercriminals, legitimate cryptocurrency mining service Coinhive, which specifically mines Monero, shut down at the end of February, as the project has reportedly become economically inviable.

Report: Number of Routers Affected by Crypto Malware Doubled Since August, Reaching 415K

A security researcher claims that the number of MikroTik routers affected by cryptojacking malware has doubled since August 2018.

The number of MikroTik routers affected by cryptojacking malware has reportedly doubled since summer 2018, reaching 415,000, security researcher VriesHd tweeted Sunday, Dec. 2.

Since August, VriesHd, along with researchers from Bad Packets Report, has been reporting on crypto malware that targets routers and forces them to mine cryptocurrencies.

They revealed that routers by MikroTik, a Latvian manufacturer of network equipment, were compromised by at least 16 different types of malware including Coinhive, a cryptojacking software mining privacy-oriented cryptocurrency Monero (XMR).

By September the estimated number of compromised routers surpassed 280,000, according to Bad Packets. In the recent tweet VriesHd explains that he has only checked three possible ways to abuse MikroTik, although there may be several more. VriesHd’s review, which is only based on preliminary projections, shows 415,000 routers affected.

As VriesHd told tech news outlet The Next Web, the attackers have recently switched from Coinhive to other mining software, such as Omine and CoinImp. He also noted that the exact number might be slightly off, as the data only reflects IP addresses infected. However, he believes the number is still high. “It wouldn’t surprise me if the actual number […] would be somewhere around 350,000 to 400,000,” VriesHd said.

As Cointelegraph previously reported, Brazil is the most affected by cryptojacking. According to research by Iran’s cybersecurity authority, Brazil was hit over 81,000 times by Coinhive in October alone. India came in second with around 29,000 incidents, followed by Indonesia with more than 23,000. Iran itself experienced around 11,000.

According to a Bloomberg report, the total number of crypto mining malware infections increased 500 percent this year after hackers allegedly stole code targeting Microsoft Systems from the U.S. National Security Agency (NSA).

Another report by network and enterprise security company Palo Alto Networks found that around 5 percent of all Monero in circulation was mined through cryptojacking.

Cyber Security Firm Check Point Research Reports of ‘Evolving’ Monero Cryptojacker

Cyber security firm Check Point Research has found that the cryptojacking malware KingMiner is “evolving” as it targets XMR and attacks Windows Servers.

Cyber security firm Check Point Research has found that the KingMiner cryptojacker targeting cryptocurrency Monero (XMR) is “evolving,” according to the company’s blog post published Nov. 30.

KingMiner was purportedly first detected in mid-June, subsequently evolving into two improved versions. The malware attacks Windows Servers and deploys various evasion methods to avoid detection. Per Check Point data, several detection engines have registered significantly decreased detection rates, while sensor logs have shown a growing number of KingMiner attacks.

The firm has been monitoring KingMiner activity over the past six months and concluded that the malware has evolved into two new versions. The blog post further explains:

“The malware continuously adds new features and bypass methods to avoid emulation. Mainly, it manipulates the needed files and creates a dependency which is critical during emulation. In addition, as part of the malware’s ongoing evolution, we have found many placeholders for future operations or upcoming updates which will make this malware even harder to detect.”

Check Point has determined that KingMiner uses a private mining pool to bypass any detection of its activities: the pool’s API is turned off and the wallet is not used in any public mining pools. The attacks are reportedly widely spread around the world.

According to the company’s findings, the malicious software attempts to guess passwords of the servers it attacks. Once a user downloads and executes the Windows Scriptlet file, it reportedly identifies the relevant Central Processing Unit (CPU) architecture of the device and downloads a payload ZIP file based on the detected CPU architecture.

The malware eventually terminates the relevant .exe process and deletes the files themselves if older versions of the attack files exist. Check Point also notes that the file is not an actual ZIP file, but rather an XML file, which will circumvent emulation attempts.
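A download whose extension says ZIP while its content is XML, as Check Point describes, is something a gateway or endpoint check can catch by comparing the declared type with the leading bytes. The following is an added example, not Check Point's detection logic: it sniffs ZIP, PE and XML content (including XML behind a UTF-8 or UTF-16 byte-order mark) and reports files whose extension disagrees. The file names and sample contents are constructed.

```python
import io
import os
import zipfile

# Local-file, empty-archive and spanned-archive ZIP signatures.
ZIP_MAGICS = (b"PK\x03\x04", b"PK\x05\x06", b"PK\x07\x08")
EXPECTED = {".zip": "zip", ".xml": "xml", ".exe": "pe", ".dll": "pe"}


def sniff(data):
    """Guess the real content type from the first bytes of a file."""
    if data.startswith(ZIP_MAGICS):
        return "zip"
    if data.startswith(b"MZ"):
        return "pe"
    head = data[:512]
    if head.startswith(b"\xef\xbb\xbf"):
        text = head[3:].decode("utf-8", "replace")
    elif head.startswith(b"\xff\xfe"):
        text = head[2:].decode("utf-16-le", "replace")
    elif head.startswith(b"\xfe\xff"):
        text = head[2:].decode("utf-16-be", "replace")
    else:
        text = head.decode("utf-8", "replace")
    # Markup after optional whitespace is treated as XML-like content.
    if text.lstrip().startswith("<"):
        return "xml"
    return "unknown"


def mismatch(filename, data):
    """Return (declared, actual) if the extension lies, else None."""
    declared = EXPECTED.get(os.path.splitext(filename)[1].lower())
    if declared is None:
        return None                 # extension not covered by this check
    actual = sniff(data)
    return None if actual == declared else (declared, actual)


def scan(downloads):
    """downloads: iterable of (filename, bytes). Returns the alerts."""
    alerts = []
    for name, data in downloads:
        result = mismatch(name, data)
        if result:
            alerts.append((name, result[0], result[1]))
    return alerts


def make_real_zip():
    """Build a genuine ZIP in memory as the true-negative sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("readme.txt", "constructed sample")
    return buf.getvalue()


# Constructed samples; names and contents are illustrative only.
SAMPLES = [
    ("backup.zip", make_real_zip()),
    ("payload_x64.zip", b'<?xml version="1.0"?><root>data</root>'),
    ("payload_x86.zip", '\ufeff<?xml version="1.0"?><root/>'.encode("utf-16-le")),
    ("notes.xml", b"  <notes/>"),
]

if __name__ == "__main__":
    for name, declared, actual in scan(SAMPLES):
        print(f"ALERT {name}: extension says {declared}, content is {actual}")
```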

As Cointelegraph reported yesterday, Russian internet security company Kaspersky Labs has found that crypto mining malware became increasingly popular among botnets in 2018. During the Q1 2018 cryptojacking “boom,” the share of cryptojacking malware downloaded by botnets, out of total files, hit 4.6 percent — as compared with 2.9 percent in Q2 2017.

Botnets are therefore reportedly increasingly viewed as a means of spreading crypto mining malware, with cybercriminals seeing cryptojacking as more favorable than other attack vectors.

Firefox Browser To Address Crypto Malware Concerns In Upcoming Update

Mozilla Firefox To Combat CryptoMining

The Mozilla Foundation, the California-based firm behind the ever so popular Firefox browser, has finally made its first formal mention of the nascent cryptocurrency industry, but sadly not in an optimal context.

On August 30th, Mozilla issued a blog post highlighting a series of upgrades it intends to make for its flagship product, the Mozilla Firefox browser.

The technology firm outlined a series of improvements that were meant to increase the performance and security of the browser, which included improving page load speeds, “removing cross-site tracking,” and most importantly, mitigating harmful practices enacted by malicious users.

Although this may be dull to some, what caught the eye of many cryptocurrency enthusiasts was the mention of “cryptomining scripts” in the aforementioned post. The firm noted that it intends to crack down on sites that introduce cryptomining scripts onto consumer computers, adding that future versions of Firefox will “block these practices by default.”

Mozilla Product VP Nick Nguyen, who authored the post, elaborated on the plan, writing:

Other sites have deployed cryptomining scripts that silently mine cryptocurrencies on the user’s device. Practices like these make the web a more hostile place to be. Future versions of Firefox will block these practices by default.

Nguyen went on to explain that this move will give consumers “a voice” and will help to “empower Firefox users” to be more in control of their experience on the web. This feature will first be beta tested on Firefox Nightly, which will ensure that malicious scripts are blocked effectively.

Mozilla isn’t the only firm to take a harsh stance against cryptomining, as many prominent companies consider it a threat to the security and safety of millions of consumers around the globe, especially in a world that is becoming increasingly digital.

As reported by Ethereum World News previously, Google has taken a harsh stance against cryptomining, recently establishing a rule that banned all cryptocurrency mining applications from its mobile play store and web store. Although the technology giant has shown the slightest hints of interest in blockchain technologies, it seems that the firm intends to remain heavy-handed when it comes to products relating to the potentially malicious action of cryptomining, cryptojacking and the like.

Opera, which sits behind Google Chrome, Firefox, Microsoft’s Edge and Apple’s Safari as the most popular internet browser, has also taken a stance against in-browser “bitcoin mining,” but was ahead of the curve as it introduced anti-bitcoin mining measures in January 2018.

Although cryptocurrencies are undoubtedly seeing adoption, acceptance, and growth in every nook and cranny, it goes without saying that there are still issues with this newfangled technology. Whether it be the aforementioned cryptomining epidemic or the widespread hacking of wallets, it is clear that security remains a legitimate concern for many.

BitAngels’ Michael Terpin: Negligence of Major Phone Companies Is Crypto’s Biggest Threat

This interview has been edited and condensed.

Michael Terpin is an American blockchain and crypto investor who has worked with over 100 projects running Initial Coin Offerings (ICOs) since entering the blockchain space in early 2013.

Terpin co-founded BitAngels in 2013 and, more recently, founded blockchain PR firm Transform Group. The investor and entrepreneur recently hit mainstream and crypto media headlines following his high profile case against U.S. telecom giant AT&T. Terpin is suing AT&T for negligence that allegedly resulted in the theft of over $24 million of Terpin’s crypto holdings.

Cointelegraph sat down with Terpin at BlockShow Americas in Las Vegas to get into the details of the case, discuss the current ICO landscape, the difference between centralized and decentralized cryptocurrencies and where he sees Bitcoin’s price three to five years from now.

Crypto’s Biggest Threat

Olivia Capozzalo: The story that is going on right now with AT&T — can you tell our readers what happened?

Michael Terpin: Sure. So, the entire crypto community has been targeted by gangs — crypto gangs — for quite some time, and it accelerated as the price of Bitcoin and other crypto assets went up.

Right now, the biggest risk to anybody who’s high profile in the crypto industry, and really anybody who has identifiable involvement in the community, is that major phone companies promise you security and don’t deliver it.  

So, I’ve been hacked twice: The first time was last year — it’s all in my lawsuit. I did not lose that much the first time, I thought my crypto assets were already pretty secure because I have all my major assets in bank vaults and Trezors and Ledgers. But as an investor and marketer in this space, I have, you know, dozens of different cryptocurrencies that don’t neatly fit into any of those profiles.

The only reason that they did get in there is because AT&T allowed one of their reps in a store in Connecticut to give my six-digit code that they told me when I requested a higher level of authorization of security.

What they did not say is that any low-level, $10-an-hour store clerk can override that authorization. Normally, when you think that there’s a password that is supposed to be a high-level password to protect you, it would be like a PIN number in a bank.

So, only one of two things is possible: Either the person is a complete idiot and cooperating with the hackers unknowingly — which still shouldn’t have been allowed under the way that they promised it to me — or he’s part of the gang and just got bribed.

And there’s a lot of evidence that this is going on pretty widely right now.

OC: I want to walk through this step-by-step, because I think that helps people also understand how they can prevent this kind of thing, if that’s even possible.

So, what that looks like, you’re saying, is that a person goes into a physical AT&T store and says that they’re you?

MT: That’s correct. Or they pretended someone is in there, and they scanned, you know, a subway card and said it didn’t scan, and then did a manual override.

It’s quite possible the AT&T rep did it with nobody actually in the store at all. You know, case after case is coming out, and there’ve been several arrests in July that all have in common AT&T employees who were basically bribed.

OC: Okay. Say this person gets access to your identity, they’re getting access to your phone number on a different phone, right?

MT: When an AT&T rep turns over your digital identity, they turn over anything that would have access to your phone number.

OC: Basically what happens is that they now have access to change your passwords, because they just confirm with the phone number?

MT: They have access to anything that has the phone number attached to it as a form of verification, which is much broader than wallets.

OC: Right. So, it can be a two-factor thing, but it wouldn’t be Google 2FA…

MT: This was not an exchange. So, there are many other pieces of software that have your phone number as your identity.

OC: Okay, right. So, at the end of the day though, we’re talking about millions, like, $20 million, right?

MT: Correct.

OC: $24 million, I believe. Not to be offensive, but why was that much money in a place that was accessible by a phone number?

MT: It should not have been accessible other than being broken into and being handed over, and having the hackers be able to go and prowl around all sorts of things that were within my network of computers.

Because they were able to get access to that through this. So, it wasn’t as simple as — and it wasn’t, as has been misreported — “Oh, I had a Coinbase account, and they were able to reset that.” That was not an exchange, it was a native wallet.

OC: A native wallet. Because, what you’re saying is that you couldn’t store these currencies in a cold storage?

MT: Nope.

Most of the smaller tokens – anything that’s not Bitcoin, or Ethereum or ERC-20 tokens – are not storable on cold storage; they have to be stored in, you know, in a paper wallet or, in order to be able to stake new tokens, they have to be stored, essentially, in the native wallet.

OC: Okay so, now that you’re going through this nightmare with AT&T, can you give some advice to investors overall?


MT: Sure. I would say, if you are a recognizable person in the crypto industry, you can’t use any of the major four phone companies, period.

If you for some reason need to use them, you have to make sure that any time that you use any piece of software that ever asks your phone number, do not give AT&T or any of the other ones.

So, the ways of getting around this — which is what I do now — is you have to have a Google Voice number.

But you have to have something that does not have a retail store where a $10-an-hour employee can be bribed to give up your information and your digital life.

OC: And you see this as an organized effort, you said, organized crime?

MT: Yes, clearly organized. There are hundreds of millions of people involved.

So, this is not an isolated incident — these are international gangs.

The FBI are very good at sort of following the trail and they’ll do what they do. And I’m certainly working with all of those law enforcement agencies. I have been doing that since the day this happened.

OC: Honestly, before this story came out, I hadn’t really heard of this as like a large-scale problem. The problem I do hear about is crypto-jacking, which you mentioned, via JavaScript malware.

But, just to clarify, do you see this issue with telecom companies as being bigger than crypto-jacking?

MT: Bigger. Much bigger.

It’s SIM-jacking, basically, that’s the biggest threat to individual assets right now.

And it’s something that is surprisingly simple for these telecom companies to fix — simply: If you’re promising someone, you know, a higher security password, don’t let it be overruled by a $10-an-hour employee, make it mandatory.

Today’s ICO Landscape

OC: You’ve been an investor in the blockchain space for a while, and you have invested in a bunch of ICOs, you mentioned a hundred?

MT: Yes, between PR services and me being an advisor to companies, my firm and I have worked with 103 ICOs.

OC: Wow! A lot of people say the heyday of the ICOs was last year, the year before. Can you sketch out what is happening right now with ICOs that you’re seeing, and if you think it’s a good thing?

MT: You know, I think that when we’re talking about the death of the ICO and this and that, I think it’s too early to say that. I mean, if you take out the infrastructure tokens, I think security tokens will be much larger than utility tokens, because we just don’t have the formats in place right now.

Because there’s no reason why — other than the legacy systems — you can’t buy Google stock easily in France, or why you can’t buy Samsung stock on the New York Stock Exchange.

If you had a token, it’s global. So, that’s sort of the future that regulators just have to keep up, with how this applies cross-borders.

But it’s still very early. You know, I like to give the analogy — even though it’s not exact — of the rise of the internet and the rise of blockchain. So, with the rise of the internet, there was a lot of skepticism in the early days, that the internet wasn’t viable.

So, all the stuff that was said about why the internet wasn’t gonna work, insert ‘crypto’ and a lot of things sound a lot the same.

And then, of course, there was a couple of early movements up and down, and then you had this wild ride from like ’98 to the first quarter of 2000, where the Nasdaq went from 1,000 to 5,000 — and, by the peak, when the dotcom bubble popped — you had $5 trillion dollars worth of companies, and that dropped by like 90 percent — a lot of them went out of business.

So, the rising tide lifts all boats, but then, when the water drops to the bottom, you can see all the junk at the bottom of the harbor — and it’s got to be cleared out before it starts going up again.

I think, if you look at the overall chart of Amazon, of eBay, of these other ones, the whole dotcom area now looks like a little tiny blip in the price compared to where it is today. So, I think, similarly, you may be looking at Ethereum, five years from now and seeing this you know 30 cents to $1200 and back down to $300 as a blip, if it’s say $15,000, you know, five years from now, 10 years from now.

I do pretty firmly believe that Bitcoin — it is my own personal belief — will hit a high of at least $50,000 sometime in the next three to five years.

And it seems to be the most predictable thing in terms of the way markets have behaved, that you have a big run-up about a year after the halving, when the supply and demand starts taking root.

Centralized vs. Decentralized

OC: Where do you stand on decentralized versus centralized cryptocurrencies?

MT: I think that when you’re looking at the overall revolution of the blockchain, decentralization is only one of many aspects that makes it revolutionary. Tokenization is just as important.

So, when you’re talking about, say, tokenizing a stock — it’s not decentralized. I think, that decentralization makes the most sense when you’re talking about cross-border payments.

But in terms of the actual technology, the decentralization of Bitcoin is less important than that of cryptocurrencies that base themselves on decentralized consensus, that’s important for the security of knowing that a smart contract cannot be stopped once it gets initiated.

Ideally, the proper way that I think most DApps should work is that you should have a nonprofit foundation that basically is just responsible for having that technology proliferate, and that there should be, then, a for-profit that uses it — that buys the tokens. And that way, you’re sort of keeping the incentives of those who are looking to build a stack separate from those who are keeping the blockchain.

But pure decentralization is tough when you incorporate even some security elements. But I think they’ll develop over time. And again, tokenization is just as important in broad, non-money transference instances.

Firefox Plans to Block Crypto Mining Malware in Future Releases

Firefox, the popular Web browser, will soon begin automatically blocking crypto mining malware scripts as part of a wider performance-enhancing push.

The Mozilla Foundation, the not-for-profit organization behind the open-source browser, said Thursday that it intends to block trackers and other “harmful practices” in upcoming releases.

Some of these features, such as the anti-tracking function, are already available in its Firefox Nightly beta version.

The goal is to prevent third-party scripts from hampering the user experience, according to Mozilla vice president of product Nick Nguyen. These scripts are generally embedded within websites and can commandeer a user’s computing power without their knowledge.

Scripts that hijack an individual’s unused computer power to mine cryptocurrencies also fall into this category.

“Deceptive practices that invisibly collect identifiable user information or degrade user experience are becoming more common,” Nguyen wrote, adding:

“For example, some trackers fingerprint users — a technique that allows them to invisibly identify users by their device properties, and which users are unable to control. Other sites have deployed cryptomining scripts that silently mine cryptocurrencies on the user’s device. Practices like these make the web a more hostile place to be. Future versions of Firefox will block these practices by default.”

The Firefox Nightly version will be used to test the functionality of the new features. And if successful, users may begin seeing them enabled by default in the Firefox 63 release.

Mozilla joins other browser developers, including Opera and Google, in trying to protect its users from malicious miners, which can slow down the user experience at best and damage their computers at worst.

Opera announced in January that it was rolling out miner protection to the smartphone version of its browser, which would also be active by default. The company already offered cryptominer protection on its desktop version.

Google, meanwhile, has banned any cryptomining apps from its Play Store, though it has not made any official statements regarding automatically blocking scripts embedded within websites.

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

Crypto Mining Attacks Soar in First Half of 2018

Malicious cryptomining attacks jumped 956 percent from the first half of 2017 to the first half of 2018, IT security firm Trend Micro reported Wednesday.

In its latest Midyear Security Roundup, Trend Micro researchers noted that there were more than 787,000 detections of malicious cryptocurrency mining software in the first six months of 2018, up from 74,500 detections across a similar period in 2017. The cryptojacking programs detected include both legitimate mining tools being misused and dedicated malware.

The report said that researchers also discovered “47 new cryptocurrency mining malware families,” meaning new groups began developing these programs this year, rather than just a few bad actors reusing the same malware.

Attackers have been increasingly looking into cryptojacking, or using businesses and other victims’ computers to mine cryptocurrencies, the report said. This is a problem for businesses which now need to be aware of these potential threats.

The report explained:

“From an enterprise point of view, the presence of unauthorized cryptocurrency miners in the network is a red flag not only for the affected individual user device but also for overall network security … The new challenge for enterprises lies in the fact that cryptocurrency miners are less visible, more silent threats, the non-detection of which is likely to induce a false sense of security.”

Cryptojacking can damage hardware, resulting in shortened lifespans for businesses’ computers and hurt network performance, the report added. Users’ computers can also slow down, impacting their ability to use their machines as needed.

Some attackers are bypassing cryptomining to instead hack exchanges directly, stealing large amounts of cryptocurrencies, the report said, citing this year’s Coincheck and Coinsecure hacks as two examples.

“Interestingly, these trends persisted even as the value of cryptocurrency itself declined throughout the first half of the year,” the report noted.

Trend Micro’s report follows specific instances of cryptojacking reported by various security researchers over the year. Last month, Kaspersky announced it had discovered a new form of cryptomining malware which targeted corporate networks specifically. Another researcher found a cryptojacker which used an exploit in the Drupal content management system.

Citrix Survey: More Than Half of UK Companies Hit by Cryptojacking Malware at Some Point

As many as 59 percent of U.K. companies have been affected by cryptojacking malware at some point. Roughly half of those cases took place in the previous month, news outlet Internet of Business reports August 15, citing research commissioned by Citrix.

According to Internet of Business, the research, commissioned by software company Citrix and performed by OnePoll, asked 750 IT executives from U.K. companies with more than 250 employees about their experience with cryptojacking attacks.

Cryptojacking malware employs its victim’s computational resources without their permission in order to mine cryptocurrencies for the attacker. This leads to a wasteful increase in electric power consumption and the slowing down of affected devices.

Citrix’s research claims that 59 percent of the respondents said that they have been hit with cryptojacking malware at some point. At least 80 percent of those cases took place in the past six months.

Thirty percent of all companies surveyed have said that they were affected within the previous month alone.


Scale-wise, 60 percent of the respondents have said that up to 50 devices in their company had been hit, while in 11 percent of cases the number went up to 100.

After an attack is discovered, as many as 67 percent of companies have formal policies in place to deal with it — a surprisingly high number for such a recently emerged threat as cryptojacking, Internet of Business notes.

The threat of cryptojacking is very real for companies and individuals worldwide, with the number of attacks increasing by a whopping 629 percent in the first quarter of 2018, according to an earlier report by security firm McAfee Labs.

Although the interest in this vector of attack has reportedly plateaued in the second quarter of the year — mainly due to the decrease in cryptocurrency prices — the malware is still ubiquitous, in one case even being delivered to victims via a videogame on the Steam marketplace.