Over the years, mining for cryptocurrency has become a lucrative business for some enterprising individuals. Although the process seems complicated at first, it becomes easier over time as users grow familiar with the hardware, software, and nuances. Some individuals, however, prefer to take the easy way, usually through hacks or malware. Microsoft reportedly confirms that a new strain of malware called Dexphot has silently infected more than 80,000 computers since last year.
While most malware is designed to gather confidential user information and other sensitive data, Dexphot operates a little differently. According to Microsoft's security team, this malicious code works its way around the system and uses the computer's resources to mine cryptocurrency. This allows the attackers to earn revenue at the expense of their victims.
ZDNet notes that Dexphot apparently reached a peak of 80,000 infected computers around June this year. While this is definitely alarming, new data shows the number of infections has begun to drop, which is good news. Microsoft reveals that it has been distributing countermeasures and updates intended to patch out the exploit and hopefully stop future infections.
Most people might think this malware is virtually harmless compared to others, but experts would say otherwise. "Dexphot is not the type of attack that generates mainstream media attention," states Microsoft Defender ATP Research Team Malware Analyst Hazel Kim. The team shares that this is a common tactic among cybercriminals for generating revenue without spending money on resources.
"Yet Dexphot exemplifies the level of complexity and rate of evolution of even everyday threats, intent on evading protections and motivated to fly under the radar for the prospect of profit," added Kim. Microsoft describes the infection process: the crypto-mining code is delivered to a computer that already hosts other malware. Researchers refer to this technique as a second-stage payload.
Specifically, the computer is already infected with the ICLoader script. This allegedly arrives through pirated software downloads and lets the attacker remotely download the Dexphot malware onto the system. Using a technique called fileless execution, the malware then runs in the background without being flagged by existing antivirus software. This serves as a warning to users who are fond of downloading unlicensed software onto their PCs or laptops.
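The infection chain described above, a second stage dropped by an existing loader that then runs filelessly while consuming CPU for mining, can be turned into simple endpoint detection heuristics. The following Python script is an added illustration of that defender-side check; it is not code from the article or from Microsoft's research. The loader name, the field names, the CPU threshold and every sample record are constructed assumptions for the demonstration.

```python
"""Toy detection pass over constructed process telemetry (added example; not
from the article or from Microsoft's research).  It flags three behaviours
the article associates with Dexphot: a process spawned by an untrusted
loader (second-stage payload), a process with no backing image on disk
(fileless execution) and sustained high CPU use typical of a miner.  Field
names, thresholds and sample records are assumptions for this illustration."""

from __future__ import annotations

from dataclasses import dataclass
from typing import Iterable

# Parent processes the defender has already classified as untrusted loaders.
# Constructed name: the article only says pirated-software loaders dropped
# the second stage, it does not give file names.
UNTRUSTED_LOADERS = {"pirated_installer.exe"}

CPU_THRESHOLD = 80.0   # percent; assumed cut-off for "high" CPU
MIN_SAMPLES = 3        # require several samples before calling usage sustained


@dataclass(frozen=True)
class ProcessEvent:
    pid: int
    image: str            # executable name the process reports
    parent_image: str     # executable name of the parent process
    image_on_disk: bool   # does the backing file exist at the reported path?
    cpu_samples: tuple    # percent CPU measured at successive intervals


def sustained_cpu(samples: tuple, threshold: float = CPU_THRESHOLD,
                  min_samples: int = MIN_SAMPLES) -> bool:
    """True only when enough samples exist and every one exceeds the threshold."""
    return len(samples) >= min_samples and all(s >= threshold for s in samples)


def classify(event: ProcessEvent) -> list[str]:
    """Return the reasons an event is suspicious; an empty list means clean."""
    reasons = []
    if event.parent_image.lower() in UNTRUSTED_LOADERS:
        reasons.append("second-stage: spawned by untrusted loader")
    if not event.image_on_disk:
        reasons.append("fileless: no backing image on disk")
    if sustained_cpu(event.cpu_samples):
        reasons.append("miner-like: sustained high CPU")
    return reasons


def scan(events: Iterable[ProcessEvent]) -> dict[int, list[str]]:
    """Map pid -> reasons for every event that trips at least one rule."""
    flagged = {}
    for event in events:
        reasons = classify(event)
        if reasons:
            flagged[event.pid] = reasons
    return flagged


# Constructed sample telemetry; none of these records come from the article.
SAMPLE_EVENTS = (
    ProcessEvent(100, "explorer.exe", "userinit.exe", True, (2.0, 3.5, 1.0)),
    ProcessEvent(200, "stage2.exe", "pirated_installer.exe", False,
                 (95.0, 97.0, 93.0, 96.0)),
    ProcessEvent(300, "video_encoder.exe", "explorer.exe", True,
                 (90.0, 92.0, 94.0)),
    ProcessEvent(400, "short_burst.exe", "explorer.exe", True, (99.0, 10.0)),
)

if __name__ == "__main__":
    for pid, reasons in scan(SAMPLE_EVENTS).items():
        print(pid, "->", "; ".join(reasons))
```

Run stand-alone, the script flags pid 200 on all three rules and pid 300 on CPU alone, while the brief burst of pid 400 is ignored because it is not sustained. Pid 300 shows why CPU usage by itself is a weak signal (a legitimate encoder looks the same); in practice the rules carry weight when they fire together, and the untrusted-loader and fileless checks are what distinguish a dropped second stage from a busy but legitimate program.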