More than 400,000 personal computers have been attacked in a large-scale attempt to distribute cryptocurrency mining malware. The hackers used sophisticated trojans to infect PCs mostly in Russia, but also in Turkey, Ukraine, and other countries. The coordinated assault lasted more than 12 hours.
Several Countries Affected, Russia Hit Harder
The complex malware spent more than 12 hours on March 6 trying to overcome antivirus defenses. According to Microsoft, the majority of the attacked computers, 73%, were located in Russia, followed by Turkey with 18% and Ukraine with 4%. Other countries were also affected.
“Windows Defender blocked more than 80,000 instances of several sophisticated trojans that exhibited advanced cross-process injection techniques, persistence mechanisms, and evasion methods”, the research team developing Microsoft’s AV software announced. More than 400,000 users have been targeted, Bleeping Computer reports.
The behavior-based and cloud-powered machine learning models included in Windows Defender detected the trojan attack in its early stage, the researchers said. The threat was identified by the antivirus program, which started blocking further attempts within minutes.
According to the Windows Defender team, the Dofoil malware used in the attack tried to penetrate the operating system's explorer.exe process and inject malicious code into it. A second explorer.exe instance was then supposed to download and run the cryptocurrency miner, disguised as a legitimate Windows binary, wuauclt.exe. The antivirus software was able to detect these attempts because the process was running from a different location on the hard drive than the genuine binary…
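A defender-side check built around the detection signal described above, as an added example that is not code from the article or from Microsoft: given a constructed process listing, it flags well-known Windows binary names running outside the directory they ship in, then flags direct children of any flagged process, since the rogue explorer.exe is what launches the miner. The expected-directory table beyond wuauclt.exe and explorer.exe, the record format and the sample listing are assumptions.

```python
from pathlib import PureWindowsPath

# Directories in which a few frequently impersonated Windows binaries ship.
# wuauclt.exe (Windows Update client) lives in System32 and explorer.exe in
# the Windows directory; the svchost.exe entry is an assumption for the example.
EXPECTED_DIRS = {
    "wuauclt.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
}

def _parent_dir(image_path: str) -> str:
    # Lower-case parent directory with no trailing separator; accepts / or \.
    return str(PureWindowsPath(image_path).parent).lower().rstrip("\\")

def is_masquerading(image_path: str) -> bool:
    """True when a well-known Windows binary name runs from a directory
    other than the one that binary ships in (the Dofoil miner case)."""
    name = PureWindowsPath(image_path).name.lower()
    expected = EXPECTED_DIRS.get(name)
    return expected is not None and _parent_dir(image_path) not in expected

def triage(records):
    """Map pid -> reason for every suspicious process in a listing.
    First pass: path masquerades. Second pass: any direct child of a
    flagged process, which catches whatever the rogue explorer.exe spawned."""
    flagged = {r["pid"]: "masquerade" for r in records if is_masquerading(r["image"])}
    for r in records:
        if r["pid"] not in flagged and r["ppid"] in flagged:
            flagged[r["pid"]] = f"child of suspicious pid {r['ppid']}"
    return flagged

# Constructed sample process listing (not real telemetry).
SAMPLE_PROCESSES = [
    {"pid": 1204, "ppid": 800,  "image": r"C:\Windows\explorer.exe"},
    {"pid": 3120, "ppid": 1024, "image": r"C:\Windows\System32\wuauclt.exe"},
    {"pid": 4500, "ppid": 1204, "image": r"C:\ProgramData\Temp\explorer.exe"},
    {"pid": 4412, "ppid": 4500, "image": r"C:\Users\alice\AppData\Roaming\wuauclt.exe"},
    {"pid": 4420, "ppid": 4500, "image": r"C:\Program Files\Vendor\tool.exe"},
]

if __name__ == "__main__":
    for pid, reason in sorted(triage(SAMPLE_PROCESSES).items()):
        print(f"pid {pid}: {reason}")
```

The path check is case-insensitive and accepts either slash style, so a genuine binary listed as C:\WINDOWS\SYSTEM32\WUAUCLT.EXE is not flagged.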