Skip to content
July 18, 2026
  • Linkedin
  • Twitter
  • Facebook
  • Youtube

Daily CyberSecurity

Zero-hour alerts. Unmatched analysis.

Primary Menu
  • Home
  • CVE Data
    • CVE Watchtower
    • Top Exploited CVEs
    • CVE Stats by Vendor
    • Q2 2026 Report
  • Cyber Criminals
  • Data Leak
  • Linux
  • Malware
  • Vulnerability
  • Submit Press Release
  • Weekly Recap
Light/Dark Button
  • Home
  • News
  • Malware
  • Check Point Announces Top 10 Most Popular Malware in March 2018
  • Malware

Check Point Announces Top 10 Most Popular Malware in March 2018

Do Son April 18, 2018 5 minutes read
Add Daily CyberSecurity as a preferred source on Google

In the newly released Global Malware Threat Impact Index report, Check Point, a network security company, pointed out that the number of cyberattacks against cryptocurrencies has surged throughout March. Among them, more and more cybercriminals have begun to use the modified XMRig mining program to carry out malicious mining activities.

XMRig was originally a legitimate open-source mining program with multiple updated versions that support 32-bit and 64-bit Windows and Linux operating systems. However, based on its open source nature, several malicious versions have been used by cybercriminals in the past few months to install in the victim’s system without permission to gain illegal profits.

On the other hand, XMRig’s mining behavior exploits the CPU resources of the computer itself and does not involve any web browser interactions. In other words, cybercriminals can use malware developed based on the XMRig mining program to mine money without the victim opening any web pages.

In addition to slowing down the speed of computers or servers, malicious software developed based on XMRig infects a device and starts looking for other devices on the same network to complete self-replication. This can cause serious security threats to victims.

After appearing for the first time in May 2017, XMRig is constantly being revised and updated by cybercriminals, and finally entered Check Point’s list of the top ten most popular malware programs in the world (ranked eighth, affecting 5% of the global organization).

Due to the impact of 18% of the global organization, Coinhive, which also mines malware for cryptocurrencies, has remained at the top spot for the fourth consecutive month. In second place is the exploit tool Rig ek (affects 17%), while another cryptocurrency mining malware, Cryptoloot, came in third (affecting 15%).

Top 10 Most Popular Malware in March 2018

*The arrows relate to the change in rank compared to the previous month.

  1. ↔ Coinhive – Crypto Miner designed to perform online mining of Monero cryptocurrency when a user visits a web page without the user’s knowledge or approval the profits with the user. The implanted JavaScript uses great computational resources of the end users to mine coins and might crash the system.
  2. ↑ Rig ek – Exploit Kit first introduced in 2014. Rig delivers Exploits for Flash, Java, Silverlight and Internet Explorer. The infection chain starts with a redirection to a landing page that contains JavaScript that checks for vulnerable plug-ins and delivers the exploit
  3. ↓ Cryptoloot – Crypto-Miner, using the victim’s CPU or GPU power and existing resources for crypto mining – adding transactions to the blockchain and releasing new currency. It is a competitor to Coinhive, trying to pull the rug under it by asking less percents of revenue from websites.
  4. ↑ Roughted – Large scale Malvertising used to deliver various malicious websites and payloads such as scams, adware, exploit kits and ransomware. It can be used to attack any type of platform and operating system, and utilizes ad-blocker bypassing and fingerprinting in order to make sure it delivers the most relevant attack.
  5. ↓ Jsecoin – JavaScript miner that can be embedded in websites. With JSEcoin, you can run the miner directly in your browser in exchange for an ad-free experience, in-game currency and other incentives
  6. ↔ Fireball – Browser-hijacker that can be turned into a full-functioning malware downloader. It is capable of executing any code on the victim machines, resulting in a wide range of actions from stealing credentials to dropping additional malware.
  7. ↑ Andromeda – Modular bot used mainly as a backdoor to deliver additional malware on infected hosts, but can be modified to create different types of botnets.
  8. ↑ XMRig– XMRig is an open-source CPU mining software used for the mining process of the Monero cryptocurrency, and first seen in-the-wild in May 2017.
  9. ↓ Necurs – Botnet used to spread malware by spam emails, mainly Ransomware and Banking Trojans.
  10. ↑ Conficker – Worm that allows remote operations and malware download. The infected machine is controlled by a botnet, which contacts its Command & Control server to receive instructions.

 March’s Top 3 ‘Most Wanted’ mobile malware:

  1. Lokibot –  Android banking Trojan and info-stealer, which can also turn into a ransomware that locks the phone.
  2. Triada – Modular Backdoor for Android which grants superuser privileges to downloaded malware.
  3. Hiddad– Android malware which repackages legitimate apps then releases them to a third-party store.

The three most popular security vulnerabilities in March 2018

Oracle WebLogic WLS Security Component Remote Code Execution Vulnerability (CVE-2017-10271), global impact rate of 26% – It resides in Oracle WebLogic’s WLS component, derived from Oracle WebLogic’s incorrect approach to processing xml decoding, successful use May cause remote code execution.

SQL injection vulnerabilities, global impact rate of 19% – Injecting SQL queries into the input from the client to the application, taking advantage of the specificity of the database to gain more information or more permissions.

Microsoft Windows HTTP.sys Remote Code Execution Vulnerability (MS15-034: CVE-2015-1635), Global Impact Rate is 12% – Vulnerability is caused by HTTP.sys handling malicious HTTP headers in a wrong way. Successful exploitation will result in Remote Code Execution.

Related coverage

  • Abyss Locker Ransomware: Inside the Stealthy Network Intrusions and Destructive Attacks
  • Stealerium: How an Open-Source Infostealer Is Being Used in Phishing Campaigns
  • Velvet Chollima Leaves Backend Keys Inside Critical GitLab Dead-Drop Malware
  • Trendmicro found new Monero-Mining HiddenMiner Android Malware
  • Stealthy Backdoors: SparkCockpit & SparkTar Remain Undetected
Track all actively exploited CVEs →

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee Logo Buy Me a Coffee PayPal
Crypto QR Code
USDT (TRC20):
TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm
USDT (ERC20):
0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce

Share this article:

Facebook Post LinkedIn Telegram
Written by
@DdoS · Security Researcher

Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.

Tags: top 10 Popular Malware

Search

Translation

CVE WATCHTOWER
🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

Upgrade Package

🚨 Active Exploits in the Wild

  • CVE-2026-6875CVSS 9.5
    ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability...
    Admin intel📅 Updated: Jul 18, 2026
  • CVE-2026-39808CVSS 9.8
    A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox...
    CISA KEV📅 Added to KEV: Jul 16, 2026
  • CVE-2026-25089CVSS 9.8
    A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox...
    CISA KEV📅 Added to KEV: Jul 16, 2026
  • CVE-2026-58644CVSS 9.8
    Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.
    CISA KEV📅 Added to KEV: Jul 16, 2026
  • CVE-2023-4346CVSS 7.5
    KNX devices that use KNX Connection Authorization and support Option 1 are, depending on the implementation, vulnerable to...
    CISA KEV📅 Added to KEV: Jul 15, 2026
  • CVE-2026-53362
    In the Linux kernel, the following vulnerability has been resolved: ipv6: account for fraggap on the paged allocation...
    Admin intel📅 Updated: Jul 14, 2026
  • CVE-2026-46242CVSS 7.8
    In the Linux kernel, the following vulnerability has been resolved: eventpoll: fix ep_remove struct eventpoll / struct file...
    Admin intel📅 Updated: Jul 14, 2026
  • CVE-2026-56155CVSS 7.8
    Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate...
    CISA KEV📅 Added to KEV: Jul 14, 2026
Powered by CVE Watchtower

🔴 Live Critical Threats

  • CVE-2026-16117CVSS 10.0
    Impact: @fastify/http-proxy versions up to and including 11.5.0 fail to rewrite the...
  • CVE-2026-47865CVSS 9.8
    VMware Avi Load Balancer contains an authentication bypass vulnerability. A malicious user...
  • CVE-2026-55518CVSS 9.6
    Avo is a framework to create admin panels for Ruby on Rails...
  • CVE-2026-54159CVSS 10.0
    PrestaShop ps_facetedsearch is a module that adds layered navigation filters. From 3.0.0...
  • CVE-2026-48062CVSS 9.8
    CodeIgniter is a PHP full-stack web framework. Prior to 4.7.3, the ext_in...
  • CVE-2026-13446CVSS 9.8
    IBM Langflow OSS 1.0.0 through 1.10.1 contains hard-coded credentials, such as a password...
  • CVE-2026-8859CVSS 9.9
    IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow an attacker to...
  • CVE-2026-8635CVSS 9.9
    IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to escalate privileges...
  • CVE-2026-8505CVSS 9.8
    IBM Langflow OSS 1.0.0 through 1.10.0 has a vulnerability in Langflow's webhook...
  • CVE-2026-8476CVSS 9.9
    IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution...
Powered by CVE WATCHTOWER

Our Websites
  • Penetration Testing Tools
  • The Daily Information Technology
  • Top Exploited CVEs
  • Daily CyberSecurity

    • About SecurityOnline.info
    • Advertise with us
    • Announcement
    • Contact
    • Contributor Register
    • Login
    • Disclaimer
    • DCMA
    • Privacy Policy
    • About SecurityOnline.info
    • Advertise on SecurityOnline.info
    • Contact Us

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works

    • CVE Watchtower
    • CVE Statistics by Vendor 2026
    • Q2 2026 Report
    • Top Exploited CVEs
    • Linkedin
    • Twitter
    • Facebook
    • Youtube
    © 2017 - 2026 Daily CyberSecurity. All Rights Reserved.