Approximately 400,000 personal computers were targeted in a wide-ranging campaign to spread cryptocurrency-mining malware. The attackers reportedly used sophisticated Trojans to infect PCs located mostly in Russia, Turkey, Ukraine and other countries. The attack went on for about 12 hours.
According to a statement from Microsoft, the multi-stage malware tried to penetrate antivirus defences for more than 12 hours on March 6. The operators behind the attack had apparently configured the malware to mine Electroneum, a cryptocurrency which, according to its own website, uses "app-based mobile mining".
73% of the attacked computers were located in Russia, 18% in Turkey, 4% in Ukraine, and the rest were scattered across other countries. "Windows Defender blocked more than 80,000 instances of several sophisticated Trojans that exhibited advanced cross-process injection techniques, persistence mechanisms, and evasion methods," said Microsoft's research team. The "behaviour-based and cloud-powered" machine learning models included in Windows Defender identified the Trojan attack in its initial phase, and the antivirus then blocked further attempts within a matter of minutes.
The team further explained that the Dofoil malware used in the attack tried to infiltrate the operating system's explorer.exe process and insert malicious code. That injected code was then meant to download and run a second explorer.exe, disguised as a legitimate Windows binary, which carried the cryptocurrency miner. The antivirus software was able to detect and counteract these attempts, and all computers running Windows 10, 8.1 and 7 were automatically protected from the attack.
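As an added defender-side example (not code from Microsoft or from the original article), the check below runs over constructed process-creation records and flags the pattern described above: an explorer.exe running from outside the Windows directory, or an explorer.exe spawned by another explorer.exe. The `key=value` record format, the sample paths and the two heuristics are assumptions for illustration.

```python
import ntpath
import re
from typing import Dict, List

# Constructed sample process-creation records (not real telemetry). The fields
# mimic what a Sysmon/EDR process-create event carries; paths contain no spaces,
# which the simple parser below relies on.
SAMPLE_EVENTS = [
    r"pid=812 ppid=700 image=C:\Windows\explorer.exe parent_image=C:\Windows\System32\userinit.exe",
    r"pid=2210 ppid=812 image=C:\Windows\System32\notepad.exe parent_image=C:\Windows\explorer.exe",
    r"pid=3044 ppid=812 image=C:\Users\bob\AppData\Roaming\explorer.exe parent_image=C:\Windows\explorer.exe",
    r"pid=3101 ppid=812 image=C:\Windows\Explorer.EXE parent_image=C:\Windows\explorer.exe",
]

SYSTEM_DIR = r"c:\windows"  # the legitimate explorer.exe lives directly in %WINDIR%

_FIELD = re.compile(r"(\w+)=(\S+)")


def parse_event(line: str) -> Dict[str, str]:
    """Turn a 'key=value key=value' record into a dict (constructed format)."""
    return dict(_FIELD.findall(line))


def is_explorer(image: str) -> bool:
    """Case-insensitive match on the file name only, so Explorer.EXE also counts."""
    return ntpath.basename(image).lower() == "explorer.exe"


def flag_suspicious_explorer(events: List[str]) -> List[dict]:
    """Return one finding per explorer.exe process that violates a heuristic."""
    findings = []
    for line in events:
        ev = parse_event(line)
        image = ev.get("image", "")
        if not is_explorer(image):
            continue
        reasons = []
        # Heuristic 1: right name, wrong directory (masquerading copy of the binary).
        if ntpath.dirname(image).lower() != SYSTEM_DIR:
            reasons.append("explorer.exe outside %WINDIR%")
        # Heuristic 2: the shell is normally launched by userinit.exe; an explorer.exe
        # whose parent is another explorer.exe matches "hollowed process drops a second copy".
        if is_explorer(ev.get("parent_image", "")):
            reasons.append("explorer.exe spawned by explorer.exe")
        if reasons:
            findings.append({"pid": int(ev["pid"]), "image": image, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in flag_suspicious_explorer(SAMPLE_EVENTS):
        print(finding)
```

Both heuristics are coarse: a legitimately restarted shell can have an unusual parent, so treat hits as triage leads rather than verdicts.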