Hackers Target 400,000 Computers with Mining Malware

Images courtesy of Shutterstock. 

 

More than 400,000 personal computers have been attacked in a large-scale attempt to distribute cryptocurrency mining malware. The hackers used sophisticated trojans to infect PCs mostly in Russia, but also in Turkey, Ukraine, and other countries. The coordinated assault lasted more than 12 hours.

Also read: New Monero Mining Malware Sends Proceeds to Kim Il Sung University, North Korea

 

Several Countries Affected, Russia Hit Harder

The complex malicious software has been trying to overcome antivirus defenses for more than 12 hours on March 6. According to Microsoft, the majority of the attacked computers, 73%, were located in Russia, followed by Turkey with 18% and Ukraine – 4%. Other countries have also been affected.

Hackers Target 400,000 Computers with Mining Malware“Windows Defender blocked more than 80,000 instances of several sophisticated trojans that exhibited advanced cross-process injection techniques, persistence mechanisms, and evasion methods”, the research team developing Microsoft’s AV software announced. More than 400,000 users have been targeted, Bleeping Computer reports.

The behavior-based and cloud-powered machine learning models included in Windows Defender detected the trojan attack in its early stage, the researchers said. The threat was identified by the antivirus program, which started blocking further attempts within minutes.

According to the Windows Defender team, the Dofoil malware used in the attack tried to penetrate the explorer.exe process of the operating system and inject malicious code. Then, another explorer.exe was supposed to download and run the cryptocurrency miner masked as a legitimate Windows binary – wuauclt.exe. The antivirus software was able to detect these attempts, as the process was running from a different location on the hard drive.

READ
Calling all existing and potential Tally customers in the Bristol area.

 

The Malware Mined Electroneum

Suspicious traffic was generated by the malware, when the coinminer tried to contact its command and control server located on the Namecoin network infrastructure. The malicious software was programmed to mine Electroneum. The cryptocurrency uses “app based mobile mining”, according to its website.

Microsoft claims that Windows 10, 8.1, and Windows 7 computers with installed Windows Defender or Microsoft Security Essentials have been protected automatically. According to Bleeping Computer, other antivirus programs have most likely detected the threat as well. Dofoil has been a known and active malware strain for several years now.

Hackers Target 400,000 Computers with Mining MalwareMalicious scripts have become a popular instrument for hackers trying to steal computing power in order to mine cryptocurrencies. There have been attempts to use popular platforms, like Facebook Messenger and Youtube, to spread mining malware. In multiple reports, cybersecurity firms have warned about attempts to hijack personal computers and even smartphonesto mine different coins.

According to a recent study by Kaspersky Lab, hackers are also targeting industrial enterprises, trying to take advantage of their computers and servers. Attacks on automated control systems have increased in the past year. From California-based electric car manufacturer Tesla, to a water purifying plant in Europe, a growing number of companies and institutions have reported attacks, despite their investments in cybersecurity.

 

Original Article Link 

By Lubomir Tassev

Lubomir Tassev is a journalist from tech-savvy Bulgaria, a country that often finds itself at the forefront of technological advances it cannot easily afford. Quoting Hitchens, Lubomir says: ”Being a writer is what I am, rather than what I do“. International politics and economics are two other major sources of inspiration.

READ
Metro Bank (LON: MTRO) boosts SME offering with new fintech partnerships

 

Register for the Share Talk investor evening, London 26th November 2019


Linking Shareholders and Executives :Share Talk

If anyone reads this article found it useful, helpful? Then please subscribe www.share-talk.com or follow SHARE TALK on our Twitter page for future updates.

Terms of Website Use

All information is provided on an as-is basis. Where we allow Bloggers to publish articles on our platform please note these are not our opinions or views and we have no affiliation with the companies mentioned

Malcare WordPress Security