A new strain of malware was found infecting computers and forcing them to mine Bitcoin, according to Microsoft. Security researchers for Microsoft say the malware, dubbed Dexphot, has been infecting computers since at least October 2018. It hit its peak in June, finding its way into 80,000 different machines.
- Malware hijacked at least 80,000 computers to generate Bitcoin
- Users were often unaware that they were infected by the malware
- The virus covertly used part of the machine’s computing power
- The malware was surprisingly sophisticated
Once loaded onto a machine, Dexphot quietly uses part of its computing power to mine Bitcoin.
Bitcoin is a cryptocurrency which is generated through a process called ‘mining’. In this process, users’ computers are used to complete large strings of calculations. Those calculations, once complete, result in a successfully mined Bitcoin.
While the number of infected computers has steadily decreased due to mitigation efforts and countermeasures, Microsoft says that Dexphot stands out for its sophistication and success.
Among the techniques used was a type of cloaking called polymorphism. It constantly changes the malware’s footprint on a computer and helps cloak it from antivirus software designed to recognize patterns.
According to ZDNet, the cloaking method changes artifacts – key signatures from the code – once every 20 to 30 minutes.
The malware also employed techniques to reinstall itself incrementally. This way, it ensured that it remained on computers long enough to mine Bitcoin.
‘It’s one of the countless malware campaigns that are active at any given time. Its goal is a very common one in cybercriminal circles – to install a coin miner that silently steals computer resources and generates revenue for the attackers,’ Hazel Kim, a malware analyst for the Microsoft Defender ATP Research Team told ZDNet.
‘Yet Dexphot exemplifies the level of complexity and rate of evolution of even everyday threats, intent on evading protections and motivated to fly under the radar for the prospect of profit.’
Though the Dexphot malware was designed to mine Bitcoin, the cryptocurrency has become a regular feature in other scams, particularly sextortion scams that try to extort users using blackmail.
In the scams, users are told to deliver a ransom via Bitcoin, which cannot be traced, or a scammer will release alleged nude photos of the victim.