Microsoft Blocked More Than 400,000 Malicious Cryptojacking Attempts In One Day

Microsoft’s Windows Defender Antivirus blocked more than 400,000 attempts by trojans to infect users with a cryptocurrency miner over a span of 12 hours, according to a Microsoft blog post on March 7.

According to Windows Defender’s research, a little before noon (PST) on March 6, Windows Defender Antivirus began detecting these sophisticated trojans. They are new variants of an application called Dofoil (or Smoke Loader) and attempt to inject cryptocurrency mining malware through “advanced cross-process injection techniques, persistence mechanisms, and evasion methods.”

The majority, or 73 percent, of these instances came from Russia, with 18 percent from Turkey and 4 percent from Ukraine.

Even though Dofoil uses a code injection technique that runs crypto mining malware disguised as a legitimate Windows binary, Windows Defender Antivirus behavior monitoring flagged the trojan injections as threats because the network traffic from this binary, wuauclt.exe, is suspicious and the binary is running from the wrong location…
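The location check described above, written out as an added example (not Microsoft's code and not part of the original article): it flags a process named wuauclt.exe that starts outside the directory where the genuine binary is assumed to live, then lists the outbound connections made by that process. The event field names, the sample events, and the System32 path are assumptions made for this example.

```python
import ntpath

# Assumption: the genuine Windows Update client runs from System32.
EXPECTED_DIRS = {"wuauclt.exe": {r"c:\windows\system32"}}

# Constructed sample telemetry (field names are hypothetical, Sysmon-like).
EVENTS = [
    {"type": "process", "pid": 4120, "image": r"C:\Windows\System32\wuauclt.exe"},
    {"type": "network", "pid": 5332, "dest": "203.0.113.25:3333"},
    {"type": "process", "pid": 5332, "image": r"C:\Users\alice\AppData\Roaming\wuauclt.exe"},
    {"type": "process", "pid": 6010, "image": r"C:\Windows\System32\notepad.exe"},
    {"type": "network", "pid": 4120, "dest": "198.51.100.7:443"},
]


def normalize(path):
    """Return (directory, file name) of a Windows path, lowercased and normalized."""
    directory, name = ntpath.split(ntpath.normpath(path))
    return directory.lower(), name.lower()


def find_masquerades(events):
    """Flag watched binary names started from an unexpected directory and
    attach the outbound connections seen for the same PID."""
    findings = {}
    # Pass 1: processes whose name is on the watch list but whose path is not.
    for ev in events:
        if ev["type"] != "process":
            continue
        directory, name = normalize(ev["image"])
        expected = EXPECTED_DIRS.get(name)
        if expected is not None and directory not in expected:
            findings[ev["pid"]] = {"image": ev["image"], "connections": []}
    # Pass 2: network events, so ordering in the log does not matter.
    # Simplification: PID reuse within the window is not handled.
    for ev in events:
        if ev["type"] == "network" and ev["pid"] in findings:
            findings[ev["pid"]]["connections"].append(ev["dest"])
    return findings


if __name__ == "__main__":
    for pid, hit in find_masquerades(EVENTS).items():
        print(f"pid {pid}: {hit['image']} -> {hit['connections'] or 'no traffic seen'}")
```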
