CATEGORIES
home News

Dexphot Malware Enslaved Nearly 80,000 Computers To Mine Cryptocurrency

by Shane McGlaunWednesday, November 27, 2019, 09:16 AM EDT
crypto
Microsoft has detailed a new malware strain that's been infecting computers globally since October 2018. The malware is called Dexphot, and while it isn't trying to steal data, it is robbing hardware resources of the infected machines. The people behind Dexphot were using the resources of the infected machines to mine cryptocurrency and generate revenue .

Dexphot reached its peak in mid-June of 2019 when the botnet had reached nearly 80,000 infected computers. The botnet has shrunk since then as Microsoft has rolled out countermeasures to improve detection and stop attacks. What stood out about Dexphot was the high level of complexity that the attack employed in its methods and techniques.

dexphot graph

Dexphot used advanced techniques such as fileless execution, polymorphic techniques, and smart and redundant boot persistence mechanisms. Dexphot was taking advantage of computers that were previously infected with ICLoader; a malware strain usually side-installed as part of a software bundle without the user knowing. It was often installed when users downloaded and installed cracked or pirated software.

On some of the ICLoader-infected systems, the ICLoager gang was downloading and running the Dexphot installer. Microsoft says that the installer would be the only part of the malware written to disk and only for a short period. All the other files needed for the malware ran in the computer memory only, making it invisible to some signature-based AV solutions.

Dexphot also used something called LOLbins to abuse legitimate Windows processes to execute malicious code and polymorphism, a malware technique where it continuously changes its artifacts. Microsoft says that operators of the malware changed filenames and URLs used in the infection process every 20-30 minutes.

The techniques in the malware were so complicated that it says you usually expect this sort of redundancy to be found in malware developed by advanced government-backed hacking units. These techniques are slowly ending up in the hands of cyber-criminal gangs. 

Tags:  Microsoft, Malware, (nasdaq:msft), cryptomining
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment