New Crypto-Stealing Malware Infected 80,000 Computers, Microsoft Says

Published at: Nov. 26, 2019

The Microsoft Defender ATP research team shares insights on a new cryptocurrency-stealing malware variant that has infected close to 80,000 computers.

On Nov. 26, Microsoft security analysts revealed that the malware, called Dexphot, had infected close to 80,000 devices since October 2018, peaking in June of this year.

The malicious code reportedly hijacks legitimate system processes to disguise its activity, with the ultimate goal of running a cryptocurrency miner on the infected device. When users of infected machines attempt to remove the malware, its monitoring services and scheduled tasks trigger re-infection. The report reads:

“Dexphot is not the type of attack that generates mainstream media attention; it’s one of the countless malware campaigns that are active at any given time. Its goal is a very common one in cybercriminal circles — to install a coin miner that silently steals computer resources and generates revenue for the attackers.”

The Dexphot malware is similar in many ways to the recently discovered malicious code in WAV audio files. This type of malware campaign allows hackers to deploy CPU miners onto the victim’s device, stealing processing resources and generating thousands of dollars a month from mining cryptocurrency. 

These kinds of malware payloads are increasingly popular among hackers as they provide financial benefit while operating in the background without the user’s knowledge — an attack commonly called cryptojacking.

Malware steals Bitcoin from darknet users

In October, major antivirus software supplier ESET discovered a trojanized Tor Browser designed to steal Bitcoin (BTC) from buyers on the darknet. The fake Tor Browser was targeting users in Russia, where since 2017 it has been stealing cryptocurrencies from darknet shoppers by swapping their entered crypto addresses.
