Microsoft thwarted a massive coin mining attack

Posted on Thursday, Mar 08 2018 @ 20:08 CET by Thomas De Maesschalck
Over at the Microsoft Security blog, the software giant reveals it thwarted a large malware campaign. Called Dofoil, this piece of malware carries a cryptocurrency miner payload. Thanks to a combination of behavior-based signals and machine learning models, Microsoft's Windows Defender detected the threat early and prevented widespread infection.
Just before noon on March 6 (PST), Windows Defender AV blocked more than 80,000 instances of several sophisticated trojans that exhibited advanced cross-process injection techniques, persistence mechanisms, and evasion methods. Behavior-based signals coupled with cloud-powered machine learning models uncovered this new wave of infection attempts. The trojans, which are new variants of Dofoil (also known as Smoke Loader), carry a coin miner payload. Within the next 12 hours, more than 400,000 instances were recorded, 73% of which were in Russia. Turkey accounted for 18% and Ukraine 4% of the global encounters.
Full details at the Microsoft Secure blog.

[Image: Dofoil map]

About the Author

Thomas De Maesschalck

Thomas has been messing with computers since early childhood and firmly believes the Internet is the best thing since sliced bread. He enjoys playing with new tech, is fascinated by science, and is passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.
