500,000 Computers Infected by Cryptocurrency Malware in a Span of Hours

Microsoft discovered a fast-spreading cryptocurrency-mining malware that got into half a million computers in under 12 hours. The good news is that the company was able to block the malware for the most part.

Called “Dofoil”, and also known as “Smoke Loader”, the malware installed cryptocurrency-mining programs on infected Windows devices that mined Electroneum coins. On March 6, at least 80,000 instances were initially detected, and within half a day another 400,000 followed.

The Microsoft team behind the discovery also saw how the digital currency mining payload quickly spread throughout Russia, Turkey, and Ukraine. The malware was disguised as a legitimate-looking Windows program to try and avoid detection.

Microsoft hasn’t, however, said how Dofoil was able to embed itself into such a large number of devices in such a short period of time.

Dofoil used a custom application capable of mining different digital currencies; however, the malware was only programmed to mine Electroneum during this attack.

More than 500,000 computers were infected by a cryptocurrency-mining malware earlier this month.

The malware was also said to have used an older technique known as “process hollowing”. This is when a new instance of a real process is created along with a malicious one, so that the second iteration runs instead of the legitimate one.

This can trick the process monitoring tools and antivirus applications into thinking that the original process is being run. The malware can then run its currency-mining tools disguised as a legitimate Windows process.

Dofoil is also able to modify the Windows registry so that it persists on an infected system and can keep mining Electroneum for longer.

It can create a copy of the original malware and try and run it with existing legitimate programs on Windows. One particular case saw the malware modify the OneDrive run key on an infected computer.
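A defender can catch this kind of run-key change by comparing registry writes against a baseline of where each autostart entry is expected to point. The sketch below is an added example, not code from Microsoft's analysis; the event fields (modelled on Sysmon Event ID 13 `TargetObject` and `Details`), the user name, all paths and the baseline are constructed assumptions.

```python
import ntpath
import re

# Matches a value written directly under a ...\CurrentVersion\Run key.
RUN_VALUE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\([^\\]+)$", re.I)
EXE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr))(?:\s|$)", re.I)

# Assumed baseline: Run value name -> directory its legitimate binary lives in.
BASELINE = {"onedrive": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive"}

def norm(path):
    """Collapse '..' segments and case so prefix checks cannot be sidestepped."""
    return ntpath.normcase(ntpath.normpath(path))

def command_to_exe(command):
    """Pull the executable path out of a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        return norm(command[1:].split('"', 1)[0])
    m = EXE.match(command)
    return norm(m.group(1) if m else command.split(" ", 1)[0])

def audit(events):
    """Return (value name, resolved exe) for baselined Run values repointed elsewhere."""
    findings = []
    for ev in events:
        m = RUN_VALUE.search(ev["TargetObject"])
        if not m or m.group(1).lower() not in BASELINE:
            continue  # only values we have a baseline for are judged here
        exe = command_to_exe(ev["Details"])
        if not exe.startswith(norm(BASELINE[m.group(1).lower()]) + "\\"):
            findings.append((m.group(1), exe))
    return findings

# Constructed sample events (not real telemetry), shaped like Sysmon Event ID 13.
KEY = r"HKU\S-1-5-21-CONSTRUCTED\Software\Microsoft\Windows\CurrentVersion\Run"
EVENTS = [
    {"TargetObject": KEY + r"\OneDrive",
     "Details": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'},
    {"TargetObject": KEY + r"\OneDrive",
     "Details": r"C:\Users\alice\AppData\Roaming\constructed\sample.exe"},
    {"TargetObject": KEY + r"\OneDrive",
     "Details": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\..\..\..\Roaming\x\sample.exe"},
    {"TargetObject": KEY + r"\OtherApp", "Details": r"C:\Temp\other.exe"},  # not baselined
]

if __name__ == "__main__":
    for name, exe in audit(EVENTS):
        print(f"Run value {name!r} now points outside its baseline: {exe}")
```

The third sample event shows why the path is normalised before the prefix check: a target that starts with the legitimate directory but climbs out of it with `..` segments is still flagged.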

Researchers also found out that Dofoil connects to a remote command and control server that is hosted on a decentralised network and waits for new commands – including the installation of newer malware.

Microsoft stated that behaviour monitoring and artificial intelligence based machine learning technology helped them detect and block what could have been a more massive malware attack.
