Microsoft Defender Antivirus blocked 400,000 attempts to infect computers with Trojan for mining cryptocurrency within 12 hours.
The attack started on 6 March and its purpose was installation of advanced version of a Trojan called Dofoil (or Smoke Loader). For of intrusion attempts used a very complex and diverse mechanisms.
Most of the attacks, or rather, 73 percent were in Russia, 18% Turkey and 4% in Ukraine.
Despite the fact that the Dofoil “masked” under the Windows binary, Windows Defender Antivirus still detected the threat, because traffic generated wuauclt.exe seemed protection system suspicious.
Trojan Dofoil, which Microsoft describes as “the latest in a family of malicious programs used for mining”, used the NiceHash service, which supports multiple cryptocurrencies. Microsoft notes that the samples they examined, was engaged in mining Electroneum.
In the last time attack of the crypto viruses have become more common: more than 55 percent of companies worldwide suffered from such attacks, starting in January 2018.
In mid-February, more than 5,000 web sites owned by the UK government was attacked by hackers and was used for mining for a few hours.