
Cyber Threat Defense

Cyber Security News


Dofoil Crypto Mining Malware Impacting Windows Users

March 9, 2018 By News Team

Numerous variants of the trojan Dofoil repeatedly attempted to infect Microsoft Windows systems on Tuesday, trying to install a cryptocurrency miner.

On Wednesday, Microsoft reported a defensive victory over the fast-moving campaign. Across a single morning, its Windows Defender Antivirus blocked over 80,000 instances of various sophisticated Trojans “that exhibited advanced cross-process injection techniques, persistence mechanisms, and evasion methods”. The infection attempts were detected within milliseconds, according to Microsoft, through a combination of cloud-powered machine learning models and in-house behaviour monitoring. Over the next 12 hours, over 400,000 further instances were recorded, 73% of which occurred in Russia, 18% in Turkey and 4% in Ukraine.

The malware known as Dofoil, which also goes by the name “Smoke Loader” in some cybersecurity circles, was carrying a coin miner payload. If it successfully infects a computer’s operating system, it can then use the computer’s CPU power to mine for digital cash. The coin it creates is known as Electroneum. Once installed onto a system, Dofoil and its variants can connect to a hacker’s command-and-control (C&C) server and listen for fresh commands, including the installation of more malware.

Criminals are increasingly turning to coin miners over ransomware because they are an easier method of attack: a successful infection can go unnoticed by the computer’s user for a long time, quietly earning money the whole while.

In its blog post, Microsoft said, “Exploit kits are now delivering coin miners instead of ransomware. Scammers are adding coin mining scripts in tech support scam websites. And certain banking trojan families added coin mining behavior.”

Security experts say that this strain has been in existence since 2011 when an early version was first discovered online for sale on an underground marketplace. However, Dofoil recently made headlines when Malwarebytes discovered it was disguising itself as a patch for Spectre and Meltdown, the major flaws that exist in almost every computer processor in use.

“Online criminals are notorious for taking advantage of publicized events and rapidly exploiting them, typically via phishing campaigns,” Malwarebytes wrote in its advisory. “This particular one is interesting because people were told to apply a patch, which is exactly what the crooks are offering under disguise.”

The culprits behind the latest hacking scheme involving Dofoil are unknown. Microsoft has not responded to requests for comment.

Filed Under: Cryptomining, Malware Tagged With: Dofoil, Malware, Malwarebytes, Microsoft, Russia, Smoke Loader, Turkey, Ukraine, Windows Defender
