Microsoft has stopped a large scale malware distribution campaign that tried to infect almost 500,000 Windows PCs with a cryptocurrency miner. Windows Defender antivirus software detected 80,000 instances of several Trojans with the payload known as Dofoil or Smoke loader, at noon PST on March 6. Over the next 12 hours, Defender picked up over 400,000 more encounters with the Trojan, mainly in Russia, but also in Turkey and Ukraine. Dofoil uses a technique known as 'process hollowing' on the legitimate explorer.exe binary. The technique creates a new instance of the legitimate prigram but swaps out its code with malware.…
[Continue Reading]