Report: Cryptominers Overtake Ransomware As #1 Threat
SAN FRANCISCO – According to a report from Comodo Cybersecurity, during the first three months of this year, “cryptominers surged to the top of detected malware incidents, displacing ransomware — which declined significantly in volume — as the number one threat.”
Published Tuesday, Comodo’s report says the “most notable trend” in cybersecurity threats of the year to date is that “cryptocurrencies have become a favorite target of cybercriminals.”
“The attackers break into websites to covertly install cryptominers, malware that uses resources of the visitors’ computers to mine cryptocurrencies for the benefit of the perpetrators,” Comodo wrote in its report. “Many world-known and respectable companies’ websites were compromised during these attacks. Monero, a form of open-source cryptocurrency, has become the most popular among cybercriminals, with Bitcoin dropping to second place.”
Unsurprisingly, what has driven the increase in cryptominer malware is the size and profitability of the cryptocurrency market – two items which have drawn a great deal of recent media coverage.
“For the last few years, ransomware was a cybercriminal king,” the Comodo report states. “However, in the last quarter the trend has changed. A new player has begun to grow in strength on the malware market – cryptominers. That is not surprising. With a market capitalization greater than $264 billion at the end of March 2018, cryptocurrencies represent a rich target for perpetrators.”
Kenneth Geers, the chief research scientist at Comodo, said the rise of cryptominers is a function of malware trends mirroring trends in the broader market and culture.
“Malware, like cyberspace itself, is merely a reflection of traditional, ‘real-world’ human affairs, and malware is always written for a purpose, whether it’s crime, espionage, terrorism or war,” Geers said in a statement which accompanied the release of Comodo’s Q1 threat report. “Criminals’ proclivities to steal money more efficiently were evident with the surge in cryptomining. And the continued strong correlation of attack volume with current geopolitical events shows hackers of all motivations are well aware of the opportunities major breaking news provides them.”
Over the course of the first three months of 2018, Comodo says it “detected 28.9 million cryptominer incidents out of a total of 300 million malware incidents,” meaning cryptominers represented nearly a 10% share of the total malware incidents observed.
This increase in cryptominers “came at the expense of ransomware activity,” with new variants of ransomware dropping from 124,320 in January to 71,540 in March, a decrease of over 40%.
Fatih Orhan, the Vice President of Comodo, told Threatpost his company does “believe there will be a resurgence in ransomware.”
“The pattern we’ve seen is that ransomware will start to decline when the malware code is not changing and companies’ cyber defenses are getting better at blocking it,” Orhan said. “The timing is of course uncertain, but we do think we will see it come back sometime this year. It could take the form of data destruction, instead of ransom, depending on the motivations of the criminals.”
In addition to observing a significant rise in cryptominers, the Comodo report noted that password-stealers have “become more sophisticated and dangerous,” in part by using new variants of the “Pony Stealer” trojan, malware which has been passed around in various forms for several years.
The new variants of Pony Stealer are “able to steal data from wider application range and cryptocurrency wallets as well,” Comodo said in its report. “It also covers its traces, so victims remain unaware they have been compromised.”