Half a Million Russian, Ukrainian Windows Computers Attacked by Cryptojacking Malware


More than half a million PCs in Russia, Ukraine and Turkey were hit last week by a new strain of malware targeting Windows systems, Cointelegraph reported. The campaign pushed a cryptocurrency miner that spread to over 500,000 computers within 12 hours. Its goal was to use the infected machines to mine Electroneum, with the miner hidden inside a legitimate Windows process through process hollowing: a genuine binary is started in a suspended state, its code in memory is replaced with the miner, and the process is then resumed, so the miner runs under the legitimate program's name and file path and is easy to miss in a process list.

The majority, or 73 percent, of these instances came from Russia, with 18 percent from Turkey and 4 percent from Ukraine.

The malware, a variant of Dofoil (also known as Smoke Loader), was quickly detected by Windows Defender Antivirus, Microsoft's built-in anti-malware, which analyzed it and stopped it from spreading further.

Using Microsoft's cloud protection service, Windows Defender Antivirus blocked the malware on the machines under immediate threat and prevented it from spreading to other computers running Windows 7, 8 and 10.

Microsoft said its Windows Defender Antivirus blocked more than 80,000 instances of several sophisticated trojans that exhibited advanced cross-process injection techniques, persistence mechanisms, and evasion methods. Behavior-based signals coupled with cloud-powered machine learning models uncovered this new wave of infection attempts.
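Process hollowing is named above but not explained, and the "behavior-based signals" Microsoft refers to are exactly what a defender can build from it. The following script is an added example, not code from the article or from Microsoft: it scans API-call telemetry for the hollowing chain (a process created suspended, written to by its creator, its initial thread's context redirected, then resumed) and raises an alert only when the whole chain is seen from one actor against one target. The event format, pids, image paths and flag values are a constructed stand-in for real EDR or sandbox telemetry; only the Win32 CREATE_SUSPENDED constant and the API names are real.

```python
from dataclasses import dataclass

# dwCreationFlags bit that CreateProcess uses to start the new process with
# its initial thread suspended (real Win32 constant).
CREATE_SUSPENDED = 0x00000004


@dataclass
class HollowState:
    """Which steps of the hollowing chain have been seen for one target."""
    actor_pid: int
    image: str
    unmapped: bool = False           # original image unmapped (optional step)
    written: bool = False            # payload copied into the suspended process
    entry_redirected: bool = False   # initial thread's context pointed at payload


def detect_process_hollowing(events):
    """Scan a sequence of API-call events and return one alert per process
    that was created suspended by an actor which then wrote into it,
    redirected its initial thread and resumed it.

    Each event is a dict with at least "pid" (caller) and "api"; CreateProcess
    events carry "new_pid", "image" and "flags", cross-process calls carry
    "target_pid". This is a hypothetical telemetry shape, not a product schema.
    """
    states = {}   # target pid -> HollowState
    alerts = []
    for ev in events:
        api = ev["api"]
        if api == "CreateProcess":
            if ev.get("flags", 0) & CREATE_SUSPENDED:
                states[ev["new_pid"]] = HollowState(ev["pid"], ev["image"])
            continue
        target = ev.get("target_pid")
        st = states.get(target)
        # Only the creator of the suspended target is tracked; a debugger
        # attaching later is a different actor and a different story.
        if st is None or ev["pid"] != st.actor_pid:
            continue
        if api == "NtUnmapViewOfSection":
            st.unmapped = True
        elif api == "WriteProcessMemory":
            st.written = True
        elif api in ("SetThreadContext", "NtSetContextThread"):
            # Order matters: a new thread context only counts once the
            # payload has actually been written into the target.
            if st.written:
                st.entry_redirected = True
        elif api in ("ResumeThread", "NtResumeThread"):
            if st.entry_redirected:
                alerts.append({
                    "actor_pid": st.actor_pid,
                    "target_pid": target,
                    "image": st.image,
                    "unmapped": st.unmapped,
                    "reason": "created suspended, payload written, "
                              "thread context redirected, then resumed",
                })
            # Once the initial thread runs, the hollowing window is closed;
            # anything later is ordinary injection, handled elsewhere.
            del states[target]
    return alerts


# Constructed sample telemetry (made-up pids and paths).
SAMPLE_EVENTS = [
    # A loader (pid 4100) hollows a freshly started explorer.exe (pid 5200).
    {"pid": 4100, "api": "CreateProcess", "new_pid": 5200,
     "image": r"C:\Windows\explorer.exe", "flags": CREATE_SUSPENDED},
    {"pid": 4100, "api": "NtUnmapViewOfSection", "target_pid": 5200},
    {"pid": 4100, "api": "WriteProcessMemory", "target_pid": 5200},
    {"pid": 4100, "api": "SetThreadContext", "target_pid": 5200},
    {"pid": 4100, "api": "ResumeThread", "target_pid": 5200},
    # Benign: a launcher (pid 900) starts a child suspended to attach it to a
    # job object, then resumes it without touching its memory.
    {"pid": 900, "api": "CreateProcess", "new_pid": 901,
     "image": r"C:\Program Files\App\app.exe", "flags": CREATE_SUSPENDED},
    {"pid": 900, "api": "ResumeThread", "target_pid": 901},
    # Benign: a normally started process later written to by a debugger
    # (pid 777) that did not create it.
    {"pid": 700, "api": "CreateProcess", "new_pid": 701,
     "image": r"C:\Windows\notepad.exe", "flags": 0},
    {"pid": 777, "api": "WriteProcessMemory", "target_pid": 701},
    {"pid": 777, "api": "SetThreadContext", "target_pid": 701},
]

if __name__ == "__main__":
    for a in detect_process_hollowing(SAMPLE_EVENTS):
        print(f"ALERT: pid {a['actor_pid']} hollowed pid {a['target_pid']} "
              f"({a['image']}): {a['reason']}")
```

The rule keys on the relationship between the steps rather than on any one API call, which is what keeps it quiet on launchers and debuggers that legitimately use CREATE_SUSPENDED or WriteProcessMemory on their own. In a real deployment the alert would be enriched with the target's image path versus what is actually mapped at its image base, and with any outbound connection the hollowed process then makes to a mining pool.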

“Our computers are our lifelines and for many our livelihoods, so go ahead and invest a little and get your anti-virus software updated already. There are a lot of people out there who want what you have,” says Rafael Danner, a security analyst at Kaspersky Labs.

Dofoil, which Microsoft describes as the “latest malware family to incorporate coin miners in attacks,” dropped a coin miner built on the NiceHash mining software, which supports a variety of cryptocurrencies. Microsoft notes that the samples it inspected mined Electroneum coins.

Cryptojacking has become more prevalent recently: as of January 2018, more than 55 percent of businesses worldwide had been affected by crypto mining attacks.

In mid-February, a malicious crypto mining script was injected into Browsealoud, a third-party accessibility script that helps blind and partially-sighted people use websites, affecting more than 5000 sites, including those of the UK government. Earlier in February, Monero-mining malware was found on around 7000 Android devices, mainly in China and South Korea, which it reached through exposed Android Debug Bridge (ADB) ports.