Microsoft says it has stopped a massive malware campaign aimed at installing coin miners. Microsoft points out that this was possible thanks to behavior monitoring, which initially flagged the campaign's unusual persistence mechanism, and to Windows Defender AV and Microsoft Security Essentials, which blocked it.
The first wave occurred two days ago, just before noon on March 6, Pacific time, when Windows Defender AV (antivirus) blocked more than 80,000 instances of several sophisticated trojans that exhibited different cross-process injection techniques, persistence mechanisms and evasion methods.
Behavior-based signals, along with machine learning models in the cloud, allowed Windows Defender and Microsoft Security Essentials to discover this new wave of infection attempts.
The trojans identified by Windows Defender and Microsoft Security Essentials are new variants of Dofoil, also known as Smoke Loader, which delivers malware whose objective is mining cryptocurrency on infected computers. Microsoft notes that after the first wave, more than 400,000 instances were recorded over the next 12 hours, mostly in Russia (73%), Turkey (18%) and Ukraine (4%).
Microsoft points out that systems running Windows 7, 8.1 and 10 with Windows Defender or Microsoft Security Essentials are protected against this latest wave of attacks.