
Windows Defender Antivirus blocked more than 400,000 attempts over a span of 12 hours by trojans to infect users with a cryptocurrency miner, according to a on March 7.
Windows Defender’s research showed that a little before noon (PST) on March 6, Windows Defender Antivirus began detecting these sophisticated trojans, which are new variants of an application called Dofoil (or Smoke Loader), attempting to inject cryptocurrency mining malware through “advanced cross-process injection techniques, persistence mechanisms, and evasion methods.”
The majority, or 73 percent, of these instances came from , with 18 percent from and 4 percent from .
Even though Dofoil uses a code injection technique that runs crypto mining malware disguised as a legitimate Windows binary, Windows Defender Antivirus behavior monitoring flagged the trojan injections as threats because the network traffic from this binary, wuauclt.exe, is suspicious and the binary is running from the wrong location.
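The two signals described above (a system binary name running from an unexpected path, plus network traffic from that process) can be sketched as a simple check over process telemetry. This is an added example, not Microsoft's detection logic or code from the original article; the event field names, sample events and the expected System32 path are assumptions made for illustration.

```python
import ntpath

# Assumption: the Windows Update client normally lives in System32.
EXPECTED = {"wuauclt.exe": r"c:\windows\system32\wuauclt.exe"}

# Constructed sample events (hypothetical field names, loosely modelled on
# process-creation and network-connection telemetry). The destination is a
# documentation-range address.
EVENTS = [
    {"type": "proc", "pid": 812, "image": r"C:\Windows\System32\wuauclt.exe"},
    {"type": "proc", "pid": 4420,
     "image": r"C:\Users\alice\AppData\Roaming\wuauclt.exe"},
    {"type": "net", "pid": 4420, "dest": "203.0.113.10:3333"},
    {"type": "proc", "pid": 5100,
     "image": r"C:\WINDOWS\system32\..\System32\WUAUCLT.EXE"},
    {"type": "proc", "pid": 5200, "image": r"C:\Tools\notepad.exe"},
]


def normalize(path):
    """Collapse '..' segments, unify slashes and case-fold a Windows path."""
    return ntpath.normcase(ntpath.normpath(path))


def find_masquerades(events):
    """Return processes whose file name matches a known system binary but
    whose full path does not, with any network destinations they contacted.

    Events are assumed to be time-ordered; PID reuse is not handled here.
    """
    suspects = {}
    for ev in events:
        if ev["type"] == "proc":
            image = normalize(ev["image"])
            expected = EXPECTED.get(ntpath.basename(image))
            if expected is not None and image != expected:
                suspects[ev["pid"]] = {
                    "pid": ev["pid"],
                    "image": ev["image"],
                    "connections": [],
                }
        elif ev["type"] == "net" and ev["pid"] in suspects:
            suspects[ev["pid"]]["connections"].append(ev["dest"])
    return list(suspects.values())


if __name__ == "__main__":
    for hit in find_masquerades(EVENTS):
        print(hit)
```

Normalizing the path before comparison keeps the legitimate binary from being flagged when it is referenced with different casing or redundant path segments.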
Dofoil, which Microsoft describes as the “latest malware family to incorporate coin miners in attacks,” used the crypto cloud mining marketplace that supports a variety of cryptocurrencies. Microsoft notes that the samples they inspected mined coins.
Cryptojacking has become more prevalent recently, with by crypto mining attacks as of January 2018.
In mid-February, a malicious crypto mining script was, affecting more than 5000 websites, including those of the UK government. Earlier in February, a malware for mining was discovered to have mainly in China and South Korea.
Published at Sat, 10 Mar 2018 12:11:55 +0000