
Microsoft Defender for Endpoint Blog

Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign

Daniel Simpson
Mar 07, 2018

Just before noon on March 6 (PST), Windows Defender AV blocked more than 80,000 instances of several sophisticated trojans that exhibited advanced cross-process injection techniques, persistence mechanisms, and evasion methods. Behavior-based signals coupled with cloud-powered machine learning models uncovered this new wave of infection attempts. The trojans, which are new variants of Dofoil (also known as Smoke Loader), carry a coin miner payload. Within the next 12 hours, more than 400,000 instances were recorded, 73% of which were in Russia. Turkey accounted for 18% and Ukraine 4% of the global encounters.

 

