Two days ago, Microsoft came across a rapidly spreading coin-mining malware. It hit almost 500,000 computers in just 12 hours, and Microsoft was able to block it on most of them.
Microsoft detected this malware infecting almost 500,000 computers
The malware, dubbed Dofoil (also known as Smoke Loader), was found bundled with a cryptocurrency-mining application. It infected almost 500,000 Windows computers, and the mining app was used to mine Electroneum coins.
On March 6, Windows Defender suddenly detected more than 80,000 instances of several variants of Dofoil, which raised the alarm in Microsoft's Windows Defender research department. In the next 12 hours, more than 400,000 incidents were recorded.
The research team found that the cases were concentrated in Russia, Turkey, and Ukraine. The malware was carried by a mining application disguised as a legitimate Windows binary in order to evade detection.
Microsoft has not said how the malware spread so widely in such a short time. Dofoil uses a custom mining application that can mine different currencies, but in this campaign it was configured to mine only Electroneum on the infected computers.
According to the researchers, the Dofoil Trojan relies on an old code-injection technique called "process hollowing": it starts a new instance of a legitimate process and replaces that process's code with malicious code, so the malicious code runs under the legitimate process's name and is overlooked by monitoring tools. The technique seems not to have been very effective on this occasion.
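The process hollowing described above leaves a recognisable trail: a parent creates a child process in a suspended state, writes into the child's memory and resets its thread context, then resumes it. The following is an added example, not code from Microsoft or from this article: a small Python detector run over constructed API-call telemetry. The telemetry line format, the PIDs, the image paths and the byte counts are invented here; the API names are the standard Windows calls that process-hollowing implementations are known to chain together (CreateProcess with CREATE_SUSPENDED, NtUnmapViewOfSection, VirtualAllocEx, WriteProcessMemory, SetThreadContext, ResumeThread). A suspended launch that is resumed without any memory writes (as a debugger might do) is deliberately not flagged.

```python
"""Heuristic detection of process hollowing over constructed API-call telemetry.

Added example for illustration only. The telemetry format, PIDs, paths and
byte counts are constructed; the API names are the standard Windows calls
that hollowing implementations are known to chain together.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Constructed sample telemetry: "<ts> <caller pid> <api> <target pid> k=v ...".
# PIDs 4242->5100 show the hollowing chain; 3000->6200 is an ordinary child
# process; 7000->7300 is a suspended launch that is resumed untouched.
SAMPLE_TELEMETRY = """\
1 4242 CreateProcessW 5100 image=C:\\Windows\\explorer.exe flags=CREATE_SUSPENDED
2 4242 NtUnmapViewOfSection 5100 base=0x7ff600000000
3 4242 VirtualAllocEx 5100 size=0x2a000 protect=PAGE_EXECUTE_READWRITE
4 4242 WriteProcessMemory 5100 bytes=172032
5 4242 SetThreadContext 5100 thread=5104
6 4242 ResumeThread 5100 thread=5104
7 3000 CreateProcessW 6200 image=C:\\Windows\\notepad.exe flags=0
8 3000 WriteProcessMemory 6200 bytes=64
9 7000 CreateProcessW 7300 image=C:\\Windows\\System32\\cmd.exe flags=CREATE_SUSPENDED
10 7000 ResumeThread 7300 thread=7302
"""


@dataclass
class Event:
    ts: int
    caller: int
    api: str
    target: int
    detail: dict[str, str]


def parse_telemetry(text: str) -> list[Event]:
    """Parse the constructed line format; paths are assumed to contain no spaces."""
    events: list[Event] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, caller, api, target, rest = line.split(maxsplit=4)
        detail = dict(kv.split("=", 1) for kv in rest.split())
        events.append(Event(int(ts), int(caller), api, int(target), detail))
    return events


# Map from API call to the hollowing stage it evidences.
STAGE_OF_API = {
    "NtUnmapViewOfSection": "unmap",
    "VirtualAllocEx": "alloc",
    "WriteProcessMemory": "write",
    "SetThreadContext": "context",
}


@dataclass
class Candidate:
    image: str
    created_ts: int
    stages: set[str] = field(default_factory=set)


def detect_hollowing(events: list[Event]) -> list[dict]:
    """Flag (caller, target) pairs where a process was created suspended, had
    memory written and its thread context changed by its creator, and was
    then resumed. Unmap/alloc strengthen the finding but are not required."""
    candidates: dict[tuple[int, int], Candidate] = {}
    findings: list[dict] = []
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.caller, ev.target)
        if ev.api == "CreateProcessW":
            if "CREATE_SUSPENDED" in ev.detail.get("flags", ""):
                candidates[key] = Candidate(ev.detail.get("image", "?"), ev.ts)
            continue
        cand = candidates.get(key)
        if cand is None:
            continue  # not a suspended child of this caller; ignore
        if ev.api in STAGE_OF_API:
            cand.stages.add(STAGE_OF_API[ev.api])
        elif ev.api == "ResumeThread":
            if {"write", "context"} <= cand.stages:
                findings.append({
                    "caller": ev.caller,
                    "target": ev.target,
                    "image": cand.image,
                    "stages": sorted(cand.stages),
                    "window": (cand.created_ts, ev.ts),
                })
            del candidates[key]  # resumed: the decision is made either way
    return findings


if __name__ == "__main__":
    for f in detect_hollowing(parse_telemetry(SAMPLE_TELEMETRY)):
        print(f"possible hollowing: pid {f['caller']} -> pid {f['target']} "
              f"({f['image']}), stages {f['stages']}")
```

On the sample data only the 4242 -> 5100 pair is reported. Keying candidates on the (caller, target) pair rather than on the target alone matters: the writes and context change must come from the same process that launched the child suspended, which is what distinguishes hollowing from an unrelated process touching the child's memory.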