Dexphot Malware Cryptojacked 80,000+ Computers | Avast

Microsoft’s security team released details about a new malware that uses sophisticated and stealthy tactics to evade detection, ZDNet reported. Dexphot, as the malware is called, runs a complicated series of actions to infect and hijack the system for crypto-mining. One of the operations employed is known as process hollowing, a fileless technique for making use of legitimate system processes by hollowing them out and filling them with malicious code. Another operation of the Dexphot malware is polymorphism, a technique that uses different names for the malicious files in an attack, varying them from one attack to the next so they cannot be added to security nets. Both of these tactics make detection especially difficult. The malware also burrows into the system’s scheduled tasks, setting up a re-infection failsafe in case any of the malware’s processes get disturbed. Once the malware senses it is being threatened, it terminates all malicious functions and then reinfects the system. With researchers tracking Dexphot since October 2018, Microsoft noted that the malware reached peak volume in June 2019 when it infected almost 80,000 systems in one day. Since then, Dexphot attacks have been dropping in number.

Source:: Avast