Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign
Microsoft

Just before noon on March 6 (PST), Windows Defender AV blocked more than 80,000 instances of several sophisticated trojans that exhibited advanced cross-process injection techniques, persistence mechanisms, and evasion methods. Behavior-based signals coupled with cloud-powered machine learning models uncovered this new wave of infection attempts. The trojans, which are new variants of Dofoil (also known as Smoke Loader), carry a coin miner payload. Within the next 12 hours, more than 400,000 instances were recorded, 73% of which were in Russia. Turkey accounted for 18% and Ukraine 4% of the global encounters.

 

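Read more: https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign/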