Skip to content
July 9, 2026
  • Linkedin
  • Twitter
  • Facebook
  • Youtube

Daily CyberSecurity

Zero-hour alerts. Unmatched analysis.

Primary Menu
  • Home
  • CVE Watchtower
  • Cyber Criminals
  • Data Leak
  • Linux
  • Malware
  • Vulnerability
  • Submit Press Release
  • Vulnerability Report
Light/Dark Button
  • Home
  • News
  • Malware
  • Check Point released February 2018’s Top 10 ‘Most Wanted’ Malware
  • Malware

Check Point released February 2018’s Top 10 ‘Most Wanted’ Malware

Do Son March 14, 2018 3 minutes read
Add Daily CyberSecurity as a preferred source on Google

The latest report from checkpoint, the security company, the Global Malware Threat Impact Index, online released the top 10 malware of February 2018, most popular with cybercriminals.

Since February of this year, cryptocurrency mining malware has continued to affect global companies. According to Check Point statistics, 42% of companies worldwide are affected.

Coinhive is still the most popular malware, affecting 20% of the world’s companies, followed by Cryptoloot 16% and Rigek 15%.

Cryptoloot entered the top three for the first time. In order to compete with Coinhive, Cryptoloot has been trying to expand its customer base through “benefit” to reverse the situation in the encryption market. As a result, its global influence this month more than doubled, from 7% in January to 16% in February.

Image: checkpoint

In the past four months, cryptocurrency mining malware has continued to increase. Because for cybercriminals, it is more profitable than other malware.

It is worth noting that, in addition to slowing the speed of computers or servers, cryptocurrency mining malware can also carry out other malicious activities within the infected system. It is imperative for companies and other organizations to develop appropriate solutions to this type of malicious software to prevent new large-scale cyber attacks.

February 2018’s Top 10 ‘Most Wanted’ Malware:

  1. ↔ Coinhive – Crypto-Miner designed to perform online mining of Monero cryptocurrency when a user visits a web page without the user’s approval.
  2. ↑ Cryptoloot – Crypto-Miner that uses the victim’s CPU or GPU power and existing resources for crypto mining – adding transactions to the blockchain and releasing new currency.
  3. ↔ Rig ek – Rig delivers Exploits for Flash, Java, Silverlight and Internet Explorer
  4. ↑ JSEcoin – JavaScript miner that can be embedded in websites.
  5. ↓ Roughted – Large scale Malvertising used to deliver various malicious websites and payloads such as scams, adware, exploit kits and ransomware.
  6. ↓ Fireball – Browser-hijacker that can be turned into a full-functioning malware downloader.
  7. ↑ Necurs – Botnet used to spread malware by spam emails, mainly Ransomware and Banking Trojans.
  8. ↓ Andromeda – Modular bot used mainly as a backdoor to deliver additional malware on infected hosts.
  9. ↑ Virut – Botnet known to be used for cybercrime activities such as DDoS attacks, spam, fraud, data theft, and pay-per-install activities.
  10. ↓ Ramnit – Banking Trojan that steals banking credentials, FTP passwords, session cookies and personal data.

February’s Top 3 ‘Most Wanted’ mobile malware:

  1. Triada –  Modular Backdoor for Android which grants superuser privileges to downloaded malware.
  2. Lokibot – Android banking Trojan and info-stealer, which can also turn into a ransomware that locks the phone.
  3. Hiddad– Android malware which repackages legitimate apps then releases them to a third-party store.

Get Zero-Hour Vulnerability Alerts

Critical CVEs, CVSS scores, and PoC updates — straight to your inbox every week.


We respect your inbox. Unsubscribe anytime.

Related coverage

  • Skitnet Analysis: Nim, Rust, and DNS Abuse in Advanced Malware Campaign
  • Mallox Ransomware Affiliates Target MS-SQL Servers with PureCrypter
  • “SeedSnatcher” Android Malware Targets Crypto Users, Using Overlay Phishing and BIP 39 Validation to Steal Seed Phrases
  • Privacy and Financial Security at Risk: McAfee Labs Warns of SpyLoan Applications
  • “DanaBleed” Flaw Exposes DanaBot’s Inner Workings for Three Years

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee Logo Buy Me a Coffee PayPal
Crypto QR Code
USDT (TRC20):
TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm
USDT (ERC20):
0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce

Share this article:

Facebook Post LinkedIn Telegram
Written by
@DdoS · Security Researcher

Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.

Tags: Top 10 ‘Most Wanted’ Malware

Search

Translation

CVE WATCHTOWER
🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

Upgrade Package

🚨 Active Exploits in the Wild

  • CVE-2026-55255CVSS 8.4
    Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, an Insecure Direct...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-48908
    A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-56290
    The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-20896CVSS 9.8
    Gitea Docker image: `REVERSE_PROXY_TRUSTED_PROXIES = *` default lets any source IP impersonate any user via `X-WEBAUTH-USER`
    Admin intel📅 Updated: Jul 6, 2026
  • CVE-2026-48282CVSS 10.0
    ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted...
    Admin intelCISA KEV📅 Added to KEV: Jul 7, 2026📅 Updated: Jul 3, 2026
  • CVE-2024-14037CVSS 9.8
    Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution...
    Admin intel📅 Updated: Jul 3, 2026
  • CVE-2026-8451CVSS 8.8
    Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured...
    Admin intel📅 Updated: Jul 2, 2026
  • CVE-2026-8037CVSS 9.6
    OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to...
    Admin intel📅 Updated: Jul 1, 2026
Powered by CVE Watchtower

🔴 Live Critical Threats

  • CVE-2026-5955CVSS 9.8
    Improper neutralization of special elements used in an SQL command ('SQL injection')...
  • CVE-2026-2342CVSS 9.3
    Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in...
  • CVE-2026-15158CVSS 9.8
    The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload...
  • CVE-2026-14245CVSS 9.8
    The miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress is...
  • CVE-2026-47646CVSS 9.3
    Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics...
  • CVE-2026-54782CVSS 10.0
    CoreWCF is a port of the service side of Windows Communication Foundation...
  • CVE-2026-15113CVSS 9.6
    Use after free in Autofill in Google Chrome on Android prior to...
  • CVE-2026-44024CVSS 9.8
    Fluentd collects events from various data sources and writes them to files,...
  • CVE-2026-53649CVSS 9.6
    # Unauthenticated Cross-Origin Plugin Upload Leads to RCE (Joro ≤ v1.1.0) **Severity:**...
  • CVE-2026-52831CVSS 10.0
    ## Summary Nuclio controller builds a `curl` invocation string for each cron...
Powered by CVE WATCHTOWER

Our Websites
  • Penetration Testing Tools
  • The Daily Information Technology
  • Daily CyberSecurity

    • About SecurityOnline.info
    • Advertise with us
    • Announcement
    • Contact
    • Contributor Register
    • Login
    • About SecurityOnline.info
    • Advertise on SecurityOnline.info
    • Contact Us

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works

    • Disclaimer
    • Privacy Policy
    • DMCA NOTICE
    • Linkedin
    • Twitter
    • Facebook
    • Youtube
    © 2017 - 2026 Daily CyberSecurity. All Rights Reserved.