More than 400,000 personal computers have been attacked in a large-scale attempt to distribute cryptocurrency mining malware. The hackers used sophisticated trojans to infect PCs mostly in Russia, but also in Turkey, Ukraine, and other countries. The coordinated assault lasted more than 12 hours.
The complex malicious software has been trying to overcome antivirus defenses for more than 12 hours on March 6. According to Microsoft, the majority of the attacked computers, 73%, were located in Russia, followed by Turkey with 18% and Ukraine – 4%. Other countries have also been affected.
“Windows Defender blocked more than 80,000 instances of several sophisticated trojans that exhibited advanced cross-process injection techniques, persistence mechanisms, and evasion methods”, the research team developing Microsoft’s AV software announced. More than 400,000 users have been targeted, Bleeping Computer reports.
The behavior-based and cloud-powered machine learning models included in Windows Defender detected the trojan attack in its early stage, the researchers said. The threat was identified by the antivirus program, which started blocking further attempts within minutes.
According to the Windows Defender team, the Dofoil malware used in the attack tried to penetrate the explorer.exe process of the operating system and inject malicious code. Then, another explorer.exe was supposed to download and run the cryptocurrency miner masked as a legitimate Windows binary – wuauclt.exe. The antivirus software was able to detect these attempts, as the process was running from a different location on the hard drive.
Suspicious traffic was generated by the malware, when the coinminer tried to contact its command and control server located on the Namecoin network infrastructure. The malicious software was programmed to mine Electroneum. The cryptocurrency uses “app based mobile mining”, according to its website.
Microsoft claims that Windows 10, 8.1, and Windows 7 computers with installed Windows Defender or Microsoft Security Essentials have been protected automatically. According to Bleeping Computer, other antivirus programs have most likely detected the threat as well. Dofoil has been a known and active malware strain for several years now.
Malicious scripts have become a popular instrument for hackers trying to steal computing power in order to mine cryptocurrencies. There have been attempts to use popular platforms, like Facebook Messenger and Youtube, to spread mining malware. In multiple reports, cybersecurity firms have warned about attempts to hijack personal computers and even smartphones to mine different coins.
According to a recent study by Kaspersky Lab, hackers are also targeting industrial enterprises, trying to take advantage of their computers and servers. Attacks on automated control systems have increased in the past year. From California-based electric car manufacturer Tesla, to a water purifying plant in Europe, a growing number of companies and institutions have reported attacks, despite their investments in cybersecurity.
Do you think your computer has been targeted by crypto mining malware? Tell us in the comments section below.
Images courtesy of Shutterstock.
Written by Lubomir Tassev