Windows Defender Antivirus Prevents Major Cryptocurrency Mining Dofoil Attack

Posted in #windows, 6 years ago

A new report shows that Microsoft's Windows Defender antivirus blocked a large Dofoil attack that took place on March 6, 2018.

Global Crypto Mining Attack

The Redmond, Washington-based software company confirmed in a blog post that the attack targeted more than 800,000 computers, mostly in Russia. Within 24 hours of the first outbreak, infections with this new trojan were also reported in Ukraine and Turkey.

The Smoke Loader campaign, also referred to as the 'Dofoil attack', delivered a coin-miner payload designed to run in the background and use the processing power of infected hosts to mine cryptocurrency.

As reported, the malware was set to stay dormant for some time before carrying out its task. Once active, it would mine cryptocurrency indefinitely without the owner's knowledge. Dofoil is a trojan downloader: it connects to remote servers, then downloads and executes further files.


Microsoft security experts said, "Behavior-based signals combined with cloud-powered machine learning models exposed this new wave of infection attempts."

Soon after the attack was first spotted, Windows Defender blocked the threat within milliseconds using its cloud-based machine learning models.


Moments later, similar attacks were reported across networks worldwide. The alert level was raised to Severe, and security professionals categorized it as a serious malware attack.

Security experts confirmed that PCs running Windows Defender antivirus, with the cloud-delivered protection that produced the block, were protected from this attack, which covers the typical modern Windows machine. Protection against this particular campaign is not the same as immunity: a future variant that changes its behaviour enough to evade the models would need to be caught again.


New Attack Vector: Phishing and Mining

Criminal groups increasingly repurpose malware to mine cryptocurrency rather than simply cause damage. There have also been cases of in-browser mining, where compromised sites run mining scripts on visitors' machines.

A web page that silently consumes processor cycles makes the visitor's computer barely usable while earning the operators a steady income.


Cryptocurrency is an attractive payoff for attackers because privacy-focused coins such as Monero hide the identities of the transacting parties, which makes the proceeds hard to trace.

Attackers reach a wide audience by sending links or attachments that point to a malicious file hosted on a remote server. Once the user downloads and runs the file, the malware infects the machine and carries out its task.


The Dofoil attack used 'process hollowing': a legitimate program is started in a suspended state, its code is unmapped from memory and replaced with the malware's code, and the process is then resumed, so the malicious code runs under the name of a trusted binary.

In this attack the target was explorer.exe. Dofoil launched a copy of C:\Windows\SysWOW64\explorer.exe and replaced its in-memory image with its own code. The file on disk is not changed, which is why a file scan alone does not catch a hollowed process and why the rogue instance is best spotted by its unusual parent process and its behaviour.


The hollowed process then connected to remote servers and downloaded further components, which Windows Defender detects under the names Trojan:Win32/CoinMiner.D and Trojan:Win32/Dofoil.AB (these are detection names, not file names). They were saved to the host and ran hidden in the background.
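The description above gives a defender two cheap signals for a Dofoil-style explorer.exe abuse: the shell being started by something other than the logon chain, and an explorer.exe image living outside the Windows directory. The following Python script is an added example for this post, not Microsoft's or Windows Defender's detection logic. It applies both checks to process-creation records in a constructed Sysmon-like "Key: value|Key: value" line format; the sample events, the record format and the list of expected parent processes are all assumptions made for the example.

```python
"""Flag explorer.exe launches that look like the Dofoil hollowing pattern.

Added example for this post, not Microsoft's or Windows Defender's logic.
Input: Sysmon-style process-creation records, one per line, '|'-separated
"Key: value" fields (a constructed format, not Sysmon's real XML/EVTX).
"""
from __future__ import annotations

import ntpath

# Paths where a genuine explorer.exe image lives (64-bit and 32-bit).
EXPECTED_EXPLORER = {
    r"c:\windows\explorer.exe",
    r"c:\windows\syswow64\explorer.exe",
}

# Processes that normally start the shell. This is an assumption to tune per
# environment: a user launching explorer.exe from cmd.exe or a shortcut will
# also trip the parent check.
EXPECTED_PARENTS = {"userinit.exe", "winlogon.exe", "explorer.exe"}

# Constructed sample events: a normal logon shell, an explorer.exe spawned by a
# dropper in a temp directory (hollowing candidate), and a fake explorer.exe
# running from a user-writable path.
SAMPLE_EVENTS = r"""
ProcessId: 4120|Image: C:\Windows\explorer.exe|ParentImage: C:\Windows\System32\userinit.exe|CommandLine: C:\Windows\Explorer.EXE
ProcessId: 5232|Image: C:\Windows\SysWOW64\explorer.exe|ParentImage: C:\Users\alice\AppData\Local\Temp\update.exe|CommandLine: explorer.exe
ProcessId: 5300|Image: C:\Users\alice\AppData\Roaming\explorer.exe|ParentImage: C:\Windows\SysWOW64\explorer.exe|CommandLine: explorer.exe
"""


def parse_event(line: str) -> dict[str, str]:
    """Split one 'Key: value|Key: value' record into a dict."""
    fields: dict[str, str] = {}
    for part in line.split("|"):
        key, _, value = part.partition(": ")
        fields[key.strip()] = value.strip()
    return fields


def check_event(ev: dict[str, str]) -> list[str]:
    """Return the reasons an explorer.exe launch looks suspicious (empty if clean)."""
    image = ev.get("Image", "")
    if ntpath.basename(image).lower() != "explorer.exe":
        return []
    reasons: list[str] = []
    # A hollowed process keeps the real image path, so the path check only
    # catches the cruder "rename the miner to explorer.exe" variant ...
    if image.lower() not in EXPECTED_EXPLORER:
        reasons.append("explorer.exe image outside the Windows directory")
    # ... while the parent check is what exposes hollowing: the genuine shell
    # is started by userinit/winlogon, not by a dropper in a temp directory.
    parent = ntpath.basename(ev.get("ParentImage", "")).lower()
    if parent not in EXPECTED_PARENTS:
        reasons.append(f"explorer.exe started by unexpected parent {parent or '<unknown>'}")
    return reasons


def scan(text: str) -> list[tuple[str, list[str]]]:
    """Run check_event over every record; return (ProcessId, reasons) for hits."""
    hits: list[tuple[str, list[str]]] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        reasons = check_event(ev)
        if reasons:
            hits.append((ev.get("ProcessId", "?"), reasons))
    return hits


if __name__ == "__main__":
    for pid, reasons in scan(SAMPLE_EVENTS):
        print(f"PID {pid}: " + "; ".join(reasons))
```

Run against the sample, the first record (shell started by userinit.exe from the real path) is clean, the second is flagged only by its parent, and the third only by its path. The parent check is the one that matters for hollowing, since the hollowed process still reports the legitimate image path; pair it with network and CPU telemetry for the mining stage, because a benign interactive launch of explorer.exe will also trigger it.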

This is not the first case of attackers targeting PCs to mine cryptocurrency. Just recently there were two separate campaigns, one of them, aimed at financial institutions and cryptocurrency users, stopped after McAfee reported it.


According to a McAfee report from February 12, 2018, the Lazarus group attempted to spread malware to PCs and devices around the world but was quickly stopped.
