Microsoft “Dexphot” Malware infects more than 80,000 computers

Security analysts at Microsoft have revealed details about a new malware variant known as “Dexphot” that has infected more than 80,000 computers since October of last year. This malware is a nasty piece of work, as it can damage your computer too.

Official Graph of Dexphot infections

The malware named “Dexphot” has affected more than 80,000 computers since October of 2018, reaching its peak in June this year. This variant of malware is known to infect computers and mine cryptocurrency on them.

Hazel Kim, a malware analyst at Microsoft, has said, “Dexphot is not the type of attack that generates mainstream media attention.” This is because the malware doesn’t focus on stealing user data but on using infected systems to mine cryptocurrency.

This sort of malware has only one goal and purpose: to mine crypto coins and give these threat actors another way to earn more revenue.

Dexphot: How does it infect?

Dexphot Algorithm Chart

The Dexphot malware is usually dropped on systems that are especially vulnerable to ICLoader attacks, in which a piece of software comes preloaded with another, malicious program, in this case the Dexphot malware. The malware then starts using fileless execution, which makes it invisible to the user and to anti-malware programs. It also utilises polymorphism to avoid detection.

Furthermore, the malware takes advantage of LOLBins (living-off-the-land binaries), a method of hiding in plain sight by hooking onto legitimate Windows processes.

The malware doesn’t stop there: it can rewrite itself if it is deleted by accident or is detected by the user or by anti-malware software. The malware is highly advanced and uses any of the methods above to achieve its only goal: mining crypto coins.

