Windows Defender protected thousands of Windows PCs from massive coin mining attack this week

News

Reading time icon 2 min. read

Calendar icon Published on

by Radu Tyrsina 

published on

Share this article

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Earlier this week, Microsoft claimed that its Windows Defender antivirus protected thousands of Windows PCs from a massive coin mining attack. According to the company, cybercriminals used a variant of Dofoil, a trojan which uses a customized mining application to mine coins in the background.

Microsoft says that the outbreak first spread in Russia, Turkey and Ukraine on March 6, and Windows Defender blocked more than 400K instances of the trojan after 12 hours. Here’s a summary of the events:

Just before noon on March 6 (PST), Windows Defender Antivirus blocked more than 80,000 instances of several sophisticated trojans that exhibited advanced cross-process injection techniques, persistence mechanisms, and evasion methods. Behavior-based signals coupled with cloud-powered machine learning models uncovered this new wave of infection attempts. The trojans, which are new variants of Dofoil (also known as Smoke Loader), carry a coin miner payload. Within the next 12 hours, more than 400,000 instances were recorded, 73% of which were in Russia. Turkey accounted for 18% and Ukraine 4% of the global encounters.

Fortunately, the layered machine learning defenses in Windows Defender protected all Windows 10, Windows 8.1 and Windows 7 users from the attack. “Within milliseconds, multiple metadata-based machine learning models in the cloud started blocking these threats at first sight,” the company noted, adding that the company became aware of a potential outbreak “within minutes.”

Given the rising interest of cybercriminals into cryptocurrencies, we can expect more and more trojan-based coin mining attacks in the future. “These types of malware employ various techniques to stay undetected for long periods of time in order to mine coins using stolen computer resources,” Microsoft explained. The company says that Windows 10 remains its most secure OS for now, but Windows Defender Advanced Threat Protection will also come to Windows 7 and Windows 8.1 this summer. This should help keep these older versions of Windows more secure against modern cybersecurity threats.

Radu Tyrsina

Radu Tyrsina Shield

Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time). For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web. Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions reach faster the answer they're looking for.