Microsoft Blocked More Than 400,000 Malicious Cryptojacking Attempts In One Day

Microsoft’s Windows Defender Antivirus blocked more than 400,000 attempts by trojans to infect users with a cryptocurrency miner over a span of 12 hours, according to a Microsoft blog post on March 7.

According to Windows Defender’s research, a little before noon (PST) on March 6, Windows Defender Antivirus began detecting these sophisticated trojans, new variants of an application called Dofoil (or Smoke Loader), which attempted to inject cryptocurrency mining malware through “advanced cross-process injection techniques, persistence mechanisms, and evasion methods.”

The majority, or 73 percent, of these instances came from Russia, with 18 percent from Turkey and 4 percent from Ukraine.

Even though Dofoil uses a code injection technique that runs crypto mining malware disguised as a legitimate Windows binary, Windows Defender Antivirus behavior monitoring flagged the trojan injections as threats because this binary, wuauclt.exe, generates suspicious network traffic and runs from the wrong location.
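The two signals described above (a trusted binary name started from an unexpected directory, plus network activity from that same process) can be sketched as a small triage routine. This is an added example, not code from Microsoft or from this article; the event field names, the sample events and the assumption that the genuine wuauclt.exe lives only in `C:\Windows\System32` are constructed for illustration, and any outbound connection from a flagged process is treated as an escalation for simplicity.

```python
import ntpath

# Assumption: the genuine Windows Update client lives only in this directory.
EXPECTED_DIR = r"c:\windows\system32"
WATCHED_NAME = "wuauclt.exe"

# Constructed sample events (not taken from Microsoft's report), shaped like
# process-creation and network-connection telemetry. IPs are documentation ranges.
EVENTS = [
    {"type": "process", "pid": 1204, "image": r"C:\Windows\System32\wuauclt.exe"},
    {"type": "process", "pid": 3320, "image": r"C:\Users\alice\AppData\Roaming\wuauclt.exe"},
    {"type": "network", "pid": 3320, "dest": "203.0.113.10", "port": 3333},
    {"type": "network", "pid": 1204, "dest": "198.51.100.7", "port": 443},
    {"type": "process", "pid": 4100, "image": r"C:\Windows\System32\..\Temp\WUAUCLT.EXE"},
]

def is_masquerade(image):
    """True when the file name matches but the directory is not the expected one."""
    # Collapse ".." segments and mixed separators, then compare case-insensitively.
    path = ntpath.normcase(ntpath.normpath(image))
    directory, name = ntpath.split(path)
    return name == WATCHED_NAME and directory != EXPECTED_DIR

def triage(events):
    """Return {pid: finding} for every wuauclt.exe started from the wrong location."""
    findings = {}
    for ev in events:
        if ev["type"] == "process" and is_masquerade(ev["image"]):
            findings[ev["pid"]] = {"image": ev["image"], "connections": [],
                                   "severity": "medium"}
    # Second pass: network activity from a flagged process raises the severity.
    for ev in events:
        if ev["type"] == "network" and ev["pid"] in findings:
            finding = findings[ev["pid"]]
            finding["connections"].append((ev["dest"], ev["port"]))
            finding["severity"] = "high"
    return findings

if __name__ == "__main__":
    for pid, finding in triage(EVENTS).items():
        print(pid, finding["severity"], finding["image"], finding["connections"])
```

The path is normalized before comparison so that a `..` segment or different letter case cannot make a wrong-location binary look like it sits in System32.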

Dofoil, which Microsoft describes as the “latest malware family to incorporate coin miners in attacks,” used the NiceHash crypto cloud mining marketplace that supports a variety of cryptocurrencies. Microsoft notes that the samples they inspected mined Electroneum coins.

Cryptojacking has become more prevalent recently, with more than 55 percent of businesses worldwide affected by crypto mining attacks as of January 2018.

In mid-February, a malicious crypto mining script was injected into software that helps blind and partially sighted people go online, affecting more than 5000 websites, including those of the UK government. Earlier in February, malware for mining Monero was discovered to have infiltrated around 7000 Android devices, mainly in China and South Korea.



  1. An impressive share, I simply given this onto a colleague who was doing just a little analysis on this. And he the truth is bought me breakfast as a result of I found it for him.. smile. So let me reword that: Thnx for the deal with! But yeah Thnkx for spending the time to discuss this, I really feel strongly about it and love studying extra on this topic. If potential, as you turn out to be experience, would you mind updating your blog with extra details? It is highly helpful for me. Large thumb up for this blog publish!

