Microsoft Halts Malware Campaign That Tried To Infect 400,000 Users

There are many types of malware that endanger the proper functioning of systems. But if there is one that has increased a lot in recent times, it is the hidden cryptocurrency miners. That’s exactly what we talked about in this article. The tech giant Microsoft, through Windows Defender, has stopped a campaign that aimed to infect more than 400,000 computers with this type of malware.
Specifically, it happened on March 6, although it is now when the company discloses this report. This attack lasted about 12 hours and the Windows protection system managed to stop the infection.
The software giant reports that it is Dofoil malware, which is also known as Smoke Loader. It is a popular program that downloads malware.
As reported by Mark Simos, one of the tech giant Microsoft’s security leaders, Windows Defender stopped more than 80,000 threats in the form of Trojans using advanced infection techniques and this was on March 6. But over the next 12 hours, more than 400,000 new instances were registered.
It should be mentioned that a large part of the total took place in Russia. That also affected other European countries, although to a lesser extent.

Quick discovery

The tech giant Microsoft takes out chest and it is not for less. Its rapid discovery made it possible to curb a massive malware campaign. They indicate that this was possible thanks to their machine learning models that are based on the behaviour of the malware and that are found in the cloud, which is included in Windows Defender.
Simos adds that the discovery of this new malware was in a matter of milliseconds. All thanks to machine learning. Later they qualify the threat as malicious in a few seconds and block it in a matter of minutes.
From the tech giant Microsoft, they say that this malware known as Dofoil intended to drain the legitimate process of the operating system to inject malicious code.
Subsequently, this code was intended to generate a second process to download and execute a hidden cryptocurrency miner. This was, after all, the point of view of the attackers. As we know, a cryptocurrency miner consumes resources from our system. It can even decrease the useful life of our hardware.
This cryptocurrency miner masked it as a legitimate Windows binary, called wuauclt.exe. Windows Defender was able to detect this process as malicious since it was running from the wrong location. Even the binary itself generated suspicious traffic when trying to contact a C & C server.

The threat of the hidden miners

As we know there are many types of cryptocurrencies. This hidden miner was not designed to undermine any of the best known. Its function was to try to mine Electroneum.
In short, having security programs and tools is important. This way we can keep our system safe from threats like the one we mentioned. This time Windows Defender was able to stop the attack quickly.
Cryptocurrency mining is one of the most booming threats. It affects both computer users and mobile devices.
So, what do you think about this? Simply share all your views and thoughts in the comment section below.