Today, Microsoft revealed that its Windows Defender stopped a large malware distribution campaign that had tried to infect more than 400,000 users with a cryptominer. The campaign was attributed to the Dofoil malware (also known as Smoke Loader), a popular malware downloader. Andy Norton, Director of Threat Intelligence at Lastline, commented below.
Andy Norton, Director of Threat Intelligence at Lastline:
“This is the latest wave of attacks as we witnessed attacks earlier this year.
“Unfortunately, the characterisation of the attack is incomplete; in the minutes before signatures were released, anyone infected would now be trying to clean up this infection. Dofoil, or Smoke Loader, is branded a ‘popular malware downloader’, a piece of malware whose sole purpose is to download another payload, in this case a coin miner.
“Having an AV tool that removes the malicious code, or reimaging an infected system, would appear to be the correct course of action to remediate this threat, but Smoke Loader is very much more than a simple downloader; it has many data theft functions that target credentials. If just 1 percent of those 400,000 devices (located mainly in Russia) got infected, we now have 4,000 devices that are now vulnerable to a much greater threat than just coin mining.”