Microsoft says 80,000 computers were hijacked by malware that turned them into Bitcoin generators
- Malware hijacked at least 80,000 computers to generate Bitcoin
- Users were often unaware that they were infected by the malware
- The virus used part of the machine’s computing power covertly
- Microsoft says malware was surprisingly sophisticated
A new strain of malware was found infecting computers and forcing them to mine Bitcoin, according to Microsoft.
Security researchers for Microsoft say the malware, dubbed Dexphot, has been infecting computers since at least October 2018 and hit its peak in June by finding its way into 80,000 different machines.
Once loaded onto a machine, Dexphot quietly uses part of its computing power to mine Bitcoin.
Bitcoin, a cryptocurrency, is generated through a process called ‘mining’, which uses computers to complete large strings of calculations. Those calculations, once complete, result in a successfully mined Bitcoin.
While the number of infected computers has steadily decreased due to mitigation efforts and countermeasures, Microsoft says that Dexphot stands out for its sophistication and success.
Among its techniques was a type of cloaking called polymorphism, which constantly changes the malware’s footprint on a computer and helps hide it from antivirus software designed to recognize patterns.
According to ZDNet, the cloaking method changes artifacts – key signatures from the code – once every 20 to 30 minutes.
The malware also employed techniques to reinstall itself incrementally in order to ensure that it remained on computers long enough to mine Bitcoin.
WHAT IS A BOTNET?
A botnet is a chain of computers that has been co-opted using malicious code.
Hackers use these networks of computers to help them launch various attacks, including mass spam campaigns and DDoS attacks meant to overload servers and imperil an entity’s infrastructure.
According to Norton Security:
‘A botnet is nothing more than a string of connected computers coordinated together to perform a task. That can be maintaining a chatroom, or it can be taking control of your computer.’
‘It’s one of the countless malware campaigns that are active at any given time. Its goal is a very common one in cybercriminal circles – to install a coin miner that silently steals computer resources and generates revenue for the attackers,’ Hazel Kim, a malware analyst for the Microsoft Defender ATP Research Team, told ZDNet.
‘Yet Dexphot exemplifies the level of complexity and rate of evolution of even everyday threats, intent on evading protections and motivated to fly under the radar for the prospect of profit.’
Though the Dexphot malware was designed to mine Bitcoin, the cryptocurrency has become a regular feature in other scams, particularly sextortion scams that try to extort users using blackmail.
In the scams, users are told to deliver a ransom via Bitcoin, which cannot be traced, or a scammer will release alleged nude photos of the victim.