Microsoft's Windows Defender Antivirus blocked an attack of over 400,000 attempts over a 12-hour period to infect users with a cryptocurrency miner. on a Microsoft blog on March 7th.

Windows Defender's research showed that just before noon (PST) on March 6th, Windows Defender Antivirus was starting to detect these sophisticated trojans, which are new variants of an application called Dofoil (or Smoke Loader), attempting to inject cryptocurrency mining malware via "advanced techniques of cross-injection, persistence mechanisms and methods of d & # 39; evasion."

came from Russia, with 18% of Turkey and 4% of Ukraine.

Even though Dofoil uses a code injection technique that runs crypto mining malware Used as a legitimate Windows binary, the behavior of Windows Defender Antivirus monitors trojan injections marked as threats because the Network traffic from this binary, wuauclt.exe, is suspect and works from the wrong location.

Dofoil, which Microsoft describes as the "latest family of malware to integrate minors of coins in attacks", used the cloud mining market NiceHash crypto that supports a variety of crypto-currencies. Microsoft notes that the samples they inspected have mined Electroneum parts.

Cryptojacking has become more common recently, with more than 55% of the world's businesses affected by encryption attacks in January 2018.

cryptography extraction was injected into software to help blind and visually impaired people connect to the Internet, touching over 5,000 websites, including those of the UK government. Earlier in February, a malware for Monero Mining was discovered to have infiltrated about 7,000 Android devices mainly in China and South Korea.