Yesterday, March 8, Microsoft stopped the new malicious software Dofoil, also known as Smoke Loader, which tried to infect computers with a cryptocurrency miner. Around 400 thousand users, mainly in Russia, could have come under attack.
The specialist site Bleeping Computer reports that Windows Defender analysts described a set of 80 thousand sophisticated Trojans, capable of camouflaging themselves, that tried to get past protective modules for twelve hours in a row.
Over those 12 hours, 400,000 cases were registered: 73% in Russia, 18% in Turkey and 4% in Ukraine, the web analysts add.
The malware turned out to be a miner that tried to use compromised computers to mine the cryptocurrency Electroneum. Thanks to a recently implemented Windows Defender update, the threat was revealed instantly. The malicious software was detected in milliseconds, Microsoft says.
Microsoft also states that this new version of Dofoil tried to hollow out the legitimate OS process explorer.exe in order to inject malicious code into it. The company says that Windows 10, Windows 8.1 and Windows 7 systems running Windows Defender AV or Microsoft Security Essentials were protected automatically.
It is likely that other antivirus vendors have also detected the threat, since Dofoil (Smoke Loader) is a well-known piece of malware that has been very active since 2014.
News about similar malicious software has not been rare lately. We have reported on such cases involving Facebook and Google's ad service DoubleClick, which were used to distribute malicious software for hidden cryptocurrency mining. The only difference is that the previous cases involved the cryptocurrency Monero, not Electroneum.