Microsoft has revealed that its software managed to prevent a huge cryptocurrency-mining malware attack this week. Around half a million computers were identified in the outbreak; as yet those responsible for the attack are unknown.

The Windows Defender research department at Microsoft reported that on the 6th March its systems spotted “sophisticated trojans” using “advanced cross-process injection techniques, persistence mechanisms, and evasion methods”. 80,000 occurrences were blocked in the first moments, while the following 12 hours witnessed another 400,000 attacks. A huge majority of these, over 70%, were in Russia, with Turkey and Ukraine the next most common locations.

Luckily, Microsoft’s cloud-based machine learning models identified the onslaught before any damage had been done. Windows users running Defender AV or Microsoft Security Essentials were all immune from the attack.

The trojans in question appear to be new variations of Dofoil, a previously identified malware, described by Microsoft as the “latest malware family to incorporate coin miners in attacks”. With this kind of coinjacking (or “cryptojacking”), a victim’s computer will be taken over and used to mine cryptocurrency, usually without their knowledge. In this case the target currency was Electroneum.

Many of the recent high-profile attacks have been for Monero, a cryptocurrency known for its anonymity. Electroneum was in fact built on the Monero codebase and shares many of its privacy features.

Microsoft suggests that the increased value of cryptocurrencies has made coinjacking much more popular. Where once a hacker might compromise a system and demand payment for its restoration (ransomware), now it makes more financial sense to take over the victim’s computer to mine cryptocurrencies.

Cybersecurity expert Kevin Beaumont thinks that the Microsoft figures may significantly underestimate the size of the attack. “The infections are likely way over half a million as MS are only seeing Defender numbers,” he said. Though the perpetrators are still unknown, the sheer scale of the assault makes it likely that a coordinated group is responsible. “It’s not a kid in a basement”, he added.
