Microsoft prevented a massive cyberattack on the computers of nearly 400 thousand users of the Windows operating system; the purpose of the attack was to use the infected devices for cryptocurrency mining.
According to Microsoft, on March 6 the Windows operating system's antivirus, Windows Defender AV, blocked more than 80 thousand sophisticated Trojans. They were detected thanks to the antivirus's behavioural analysis and machine learning capabilities. It turned out that the detected virus was trying to take over computer systems and adapt them for mining the cryptocurrency Electroneum.
The attack by the Dofoil virus strain, also known as Smoke Loader, lasted 12 hours. About 292 thousand of the attacked devices belonged to Russians (73%); in addition, the virus could also have harmed computers in Turkey (18%) and Ukraine (4%).
Microsoft claims that the new variant of Dofoil tried to modify the legitimate OS process explorer.exe in order to inject malicious code. The company also claims that systems running Windows 10, Windows 8.1 and Windows 7 with Windows Defender AV or Microsoft Security Essentials were automatically protected.
The use of users' equipment for covert cryptocurrency mining is gaining momentum. Just yesterday it became known that in Egypt the Internet connections of local users of the mobile operator Telecom Egypt were hijacked on a massive scale to redirect traffic to hidden Monero mining.
Since September 2017, the number of sites with miners hidden in their code has risen by 725%.