A few days ago, Microsoft discovered a rapidly spreading cryptocurrency-mining malware that infected over 500,000 computers within just 12 hours but was largely blocked.
Dubbed Dofoil (also known as Smoke Loader), the malware was found dropping a cryptocurrency-mining program as its payload on infected Windows computers, which mines Electroneum coins using the victims’ CPUs.
On March 6, Windows Defender blocked more than 80,000 instances of several variants of Dofoil, which raised the alarm at Microsoft’s Windows Defender research department; within the next 12 hours, over 400,000 instances were recorded, 73% of them in Russia. Turkey accounted for 18% and Ukraine for 4% of the global encounters.
Dofoil uses a customized mining application that exhibited advanced cross-process injection techniques, persistence mechanisms, and evasion methods. The miner can mine different cryptocurrencies, but in this campaign the malware was programmed to mine Electroneum coins only.
Microsoft says that the behavior monitoring and AI-based machine learning techniques used by Windows Defender Antivirus played an important role in detecting and blocking this massive malware campaign.