GTIC Monero Mining Malware

At NTT Security, our Global Threat Intelligence Platform (GTIP) has visibility into 40% of global internet traffic and we gather data from a wide range of sources including the internet, cloud, managed security services, communities and partners.

The NTT Security Global Threat Intelligence Center (GTIC) Monero Mining Malware Report provides a glimpse inside the research conducted by NTT Security researchers over the last three months – including analysis of events identified through global visibility of the NTT Security client base.

This research report contains observations and analysis of attack types and sources and also provides details on how you can get started hunting for cryptocurrency mining malware in your own environment.


Key findings include:

  • Amazon Web Services was hosting a significant amount of Coinhive JavaScript (JS) in their webpages
  • Germany and the United States lead the globe with the most IPs hosting websites with Coinhive JS.
  • Phishing is the primary attack vector threat actors are using to gain a foothold in targeted systems and subsequently install cryptocurrency-mining malware.

Please fill out the form on the right to read the report.

Register below to download the GTIC Monero Mining Malware Report.