Malware, one of the most easily spread digital diseases out there, infects hundreds of thousands of computers every year. Of course, as you can probably imagine, this has spread into the cryptocurrency industry as well. As a result, not only are these devices getting infected by malware, but they’re also being used to mine cryptocurrencies, or users are forced to pay cryptocurrency to unlock their computers from the malware.
More specifically, Microsoft recently revealed that one particular piece of malware, called Dexphot, has spread to around 80,000 devices over the past year, with record-keeping starting in October of 2018. Essentially, it hides what it is doing and uses the infected device to mine cryptocurrency. It also makes sure to reinfect a device even if the user tries removing it.
A brief excerpt on the malware:
“The Dexphot attack used a variety of sophisticated methods to evade security solutions. Layers of obfuscation, encryption, and the use of randomized file names hid the installation process. Dexphot then used fileless techniques to run malicious code directly in memory, leaving only a few traces that can be used for forensics. It hijacked legitimate system processes to disguise malicious activity. If not stopped, Dexphot ultimately ran a cryptocurrency miner on the device, with monitoring services and scheduled tasks triggering re-infection when defenders attempt to remove the malware.”
Of course, Microsoft did what it could to protect against Dexphot, but it can only do so much, because the malware’s machine learning processes can withstand pretty much anything the software giant throws at it.