Earlier this week, Microsoft claimed that its Windows Defender antivirus protected thousands of Windows PCs from a massive coin mining attack. According to the company, cybercriminals used a variant of Dofoil, a trojan which uses a customized mining application to mine coins in the background.
Microsoft says that the outbreak first spread in Russia, Turkey and Ukraine on March 6, and Windows Defender blocked more than 400K instances of the trojan after 12 hours. Here’s a summary of the events:
Just before noon on March 6 (PST), Windows Defender Antivirus blocked more than 80,000 instances of several sophisticated trojans that exhibited advanced cross-process injection techniques, persistence mechanisms, and evasion methods. Behavior-based signals coupled with cloud-powered machine learning models uncovered this new wave of infection attempts. The trojans, which are new variants of Dofoil (also known as Smoke Loader), carry a coin miner payload. Within the next 12 hours, more than 400,000 instances were recorded, 73% of which were in Russia. Turkey accounted for 18% and Ukraine 4% of the global encounters.
Fortunately, the layered machine learning defenses in Windows Defender protected all Windows 10, Windows 8.1 and Windows 7 users from the attack. "Within milliseconds, multiple metadata-based machine learning models in the cloud started blocking these threats at first sight," the company noted, adding that the company became aware of a potential outbreak "within minutes."
Given the rising interest of cybercriminals into cryptocurrencies, we can expect more and more trojan-based coin mining attacks in the future. "These types of malware employ various techniques to stay undetected for long periods of time in order to mine coins using stolen computer resources," Microsoft explained. The company says that Windows 10 remains its most secure OS for now, but Windows Defender Advanced Threat Protection will also come to Windows 7 and Windows 8.1 this summer. This should help keep these older versions of Windows more secure against modern cybersecurity threats.