With cryptocurrency mining malware on the rise, some companies have taken pre-emptive steps to ensure that users' personal computers and laptops are not under threat.
On March 6, Windows Defender thwarted a potential attack by a cryptocurrency mining malware known as Dofoil (also known as Smoke Loader). It blocked more than 80,000 types of sophisticated trojans that used advanced cross-process injection techniques, persistence mechanisms, and evasion methods.
A security report said, “Windows Defender AV initially flagged the attack’s unusual persistence mechanism through behavior monitoring, which immediately sent this behavior-based signal to our cloud protection service.”
(Screenshot of the alert message sent by Defender)
Elaborating, the report stated, “Within milliseconds, multiple metadata-based machine learning models in the cloud started blocking these threats at first sight. Seconds later, our sample-based and detonation-based machine learning models also verified the malicious classification. Within minutes, detonation-based models chimed in and added additional confirmation.”
“Within minutes, an anomaly detection alert notified us about a new potential outbreak. After analysis, our response team updated the classification name of this new surge of threats to the proper malware families. People affected by these infection attempts early in the campaign would have seen blocks under machine learning names like Fuery, Fuerboos, Cloxer, or Azden. Later blocks show as the proper family names, Dofoil or Coinminer.”
Experts have opined that users of newer versions of Windows, such as Windows 10, Windows 8.1, and Windows 7, running Windows Defender AV or Microsoft Security Essentials are immune from these kinds of attacks.
On its official Twitter handle, Microsoft posted a couple of pointers on how people can safeguard themselves against potential mining malware, saying, “Remember the massive March 6 #Dofoil #coinmining campaign? Learn how a poisoned update to a #p2p app facilitated this campaign. An app might appear safe, but a poisoned update—particularly one that is signed—can sneak in malicious code. Stick to vetted apps and get behavior monitoring and machine learning.”