Over at the Microsoft Security blog, the software giant reveals it thwarted a huge malware attack. Called Dofoil, this piece of malware carries a cryptocurrency miner payload. Thanks to a combination of behavior-based signals and machine learning models, Microsoft's Windows Defender picked up the threat very early and was able to prevent widespread infection.
Just before noon on March 6 (PST), Windows Defender AV blocked more than 80,000 instances of several sophisticated trojans that exhibited advanced cross-process injection techniques, persistence mechanisms, and evasion methods. Behavior-based signals coupled with cloud-powered machine learning models uncovered this new wave of infection attempts. The trojans, which are new variants of Dofoil (also known as Smoke Loader), carry a coin miner payload. Within the next 12 hours, more than 400,000 instances were recorded, 73% of which were in Russia. Turkey accounted for 18% and Ukraine 4% of the global encounters.