Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign

Published Mar 07 2018 02:43 PM 738 Views
Microsoft

dofoil.pngJust before noon on March 6 (PST), Windows Defender AV blocked more than 80,000 instances of several sophisticated trojans that exhibited advanced cross-process injection techniques, persistence mechanisms, and evasion methods. Behavior-based signals coupled with cloud-powered machine learning models uncovered this new wave of infection attempts. The trojans, which are new variants of Dofoil (also known as Smoke Loader), carry a coin miner payload. Within the next 12 hours, more than 400,000 instances were recorded, 73% of which were in Russia. Turkey accounted for 18% and Ukraine 4% of the global encounters.

 

Read more

Version history
Last update:
‎Mar 07 2018 02:43 PM
Updated by: