A few days ago, researchers at Microsoft announced that Windows Defender Antivirus blocked more than 80,000 instances of several malicious code that exhibited advanced cross-process injection techniques, persistence mechanisms, and evasion methods.

According to Microsoft, the malware were new variants of Dofoil (also known as Smoke Loader), a small application used to download other malicious codes, in these specific attacks a coin miner. The cryptocurrency miner payload was used to mine Electroneum coins.

In Just 12 hours from the discovery, the experts observed more than 400,000 instances, most of them in Russia (73%), Turkey (18%) and Ukraine (4%).

Totally more than 500,000 computers were infected within just 12 hours.