A recent report shows that 80,000 computers were hijacked to mine bitcoin. The malicious software, named Dexphot, uses the machine’s computing power to mine bitcoin once it is loaded on the PC. An infected PC slows down, freezes and may even show a blue screen. The infection has attracted a lot of users’ attention.
Reliable data shows that this malware is mainly spread through various cracked plug-ins, with an average of 100,000+ attacks per day since the outbreak of the Dexphot malware. Obviously, the harm caused by this malware should not be ignored.
Such great damage has a lot to do with Dexphot’s complex attack chain. During the attack, the malware uses multiple methods, such as fileless techniques, polymorphism, and intelligent, redundant startup persistence mechanisms, to evade detection by antivirus software so that it can stay on the computer long enough to mine digital currency.
After the malware sneaks onto the user’s computer, it first checks whether an antivirus program is present. If a powerful antivirus product is found, the malware deliberately exits. If the antivirus software is relatively weak, the malware forcibly shuts it down and uses the machine’s computing power to mine bitcoin.
During the mining process, Dexphot changes details such as the file names and URLs used during the infection every 20 to 30 minutes, and it even uses fileless techniques. As a result, antivirus software has a harder time detecting the malicious code, and little useful forensic evidence remains once the process has stopped.
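Rotating file names and download URLs every 20 to 30 minutes is a pattern a defender can hunt for in process-creation telemetry: the individual names change, but the directory they are launched from and the rhythm of the changes stay visible. The Python below is an added example, not code from the original article or from any vendor. It runs over a constructed set of process-creation records (hypothetical paths, hashes and URLs) and flags any directory from which several distinct executables, or several distinct URLs, appeared within a short window.

```python
import ntpath
import re
from collections import defaultdict
from datetime import datetime, timedelta

URL_RE = re.compile(r"https?://[^\s\"']+")

# Constructed process-creation records (hypothetical; not real Dexphot telemetry).
# Fields: timestamp, image path, sha256 (shortened), command line.
EVENTS = [
    ("2019-11-26T09:00:00", r"C:\Users\Public\svc_a1.exe", "1111",
     "svc_a1.exe -o https://example.invalid/p1"),
    ("2019-11-26T09:25:00", r"C:\Users\Public\upd_b2.exe", "2222",
     "upd_b2.exe -o https://example.invalid/p2"),
    ("2019-11-26T09:50:00", r"C:\Users\Public\tmp_c3.exe", "3333",
     "tmp_c3.exe -o https://example.invalid/p3"),
    # A legitimate program launched repeatedly: same name, same hash, same URL.
    ("2019-11-26T09:10:00", r"C:\Program Files\Editor\editor.exe", "aaaa",
     "editor.exe --sync https://example.invalid/api"),
    ("2019-11-26T10:10:00", r"C:\Program Files\Editor\editor.exe", "aaaa",
     "editor.exe --sync https://example.invalid/api"),
    ("2019-11-26T11:00:00", r"C:\Program Files\Editor\editor.exe", "aaaa",
     "editor.exe --sync https://example.invalid/api"),
]


def find_rotating_binaries(events, window=timedelta(minutes=90), min_distinct=3):
    """Flag directories in which at least `min_distinct` different executables
    (distinct name+hash) or `min_distinct` different URLs appeared within any
    span of length `window`.  Returns {directory: {"names": [...], "urls": [...]}}.
    The window and threshold are tuning assumptions, chosen here to catch a
    20-30 minute rotation with three or more samples."""
    per_dir = defaultdict(list)
    for ts, path, sha, cmd in events:
        per_dir[ntpath.dirname(path).lower()].append(
            (datetime.fromisoformat(ts), ntpath.basename(path).lower(), sha, cmd)
        )

    flagged = {}
    for directory, rows in per_dir.items():
        rows.sort()  # chronological order
        for i, (start, _, _, _) in enumerate(rows):
            seen, urls = set(), set()
            for ts, name, sha, cmd in rows[i:]:
                if ts - start > window:
                    break
                seen.add((name, sha))
                urls.update(URL_RE.findall(cmd))
            if len(seen) >= min_distinct or len(urls) >= min_distinct:
                flagged[directory] = {
                    "names": sorted(n for n, _ in seen),
                    "urls": sorted(urls),
                }
                break  # one hit per directory is enough
    return flagged


if __name__ == "__main__":
    for directory, info in find_rotating_binaries(EVENTS).items():
        print(f"{directory}: {len(info['names'])} rotating binaries, "
              f"{len(info['urls'])} distinct URLs")
```

The legitimate editor is launched three times in the same period but is never flagged, because its name, hash and URL never change; the rotation itself, not the frequency of launches, is the signal.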
In addition, its tactics are unusual: they can be described as attack and retreat. Generally, when a mining virus runs a mining program on a user’s computer, the computer becomes abnormally slow, so most users check the CPU usage and then manually end the process that is using the most CPU.
However, Dexphot is well prepared for this situation. It injects its malicious code into a system process, which acts as the parent process, and changes the settings of that system process. As a result, the user gets a blue screen as soon as they forcibly end the process.
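Because the miner hides inside a system process and ties a crash to that process being killed, the practical response is to identify the masqueraded process and then isolate or image the machine, rather than force-kill it from Task Manager. The Python below is an added example, not code from the original article. It audits a constructed process snapshot (hypothetical pids, paths and CPU figures) against the typical parent process and install directory of a few Windows system binaries, which are stated as assumptions in the code, and reports anything that looks injected or masqueraded without terminating it.

```python
import ntpath

# Typical parent process and install directory for a few Windows system
# binaries on a stock installation.  These are assumptions for this example;
# tune them for your own environment (e.g. SysWOW64 copies on 64-bit hosts).
EXPECTED = {
    "svchost.exe":  {"parents": {"services.exe"}, "dir": r"c:\windows\system32"},
    "lsass.exe":    {"parents": {"wininit.exe"},  "dir": r"c:\windows\system32"},
    "services.exe": {"parents": {"wininit.exe"},  "dir": r"c:\windows\system32"},
    "csrss.exe":    {"parents": {"smss.exe"},     "dir": r"c:\windows\system32"},
}
CPU_THRESHOLD = 80.0  # percent; a system process should rarely sit this high

# Constructed process snapshot (hypothetical; not real Dexphot telemetry).
SNAPSHOT = [
    {"pid": 4,    "ppid": 0,    "name": "System",       "path": "",                                  "cpu": 1.0},
    {"pid": 480,  "ppid": 400,  "name": "wininit.exe",  "path": r"C:\Windows\System32\wininit.exe",  "cpu": 0.0},
    {"pid": 600,  "ppid": 480,  "name": "services.exe", "path": r"C:\Windows\System32\services.exe", "cpu": 0.3},
    {"pid": 900,  "ppid": 600,  "name": "svchost.exe",  "path": r"C:\Windows\System32\svchost.exe",  "cpu": 2.1},
    {"pid": 2200, "ppid": 1,    "name": "explorer.exe", "path": r"C:\Windows\explorer.exe",          "cpu": 0.8},
    {"pid": 3712, "ppid": 2200, "name": "updater.exe",  "path": r"C:\Users\Public\updater.exe",      "cpu": 0.5},
    # Genuine svchost binary, but spawned by a user-land dropper and burning CPU.
    {"pid": 5120, "ppid": 3712, "name": "svchost.exe",  "path": r"C:\Windows\System32\svchost.exe",  "cpu": 97.5},
    # Correct parent, but the image lives outside System32 (name masquerade).
    {"pid": 6000, "ppid": 600,  "name": "svchost.exe",  "path": r"C:\Users\Public\svchost.exe",      "cpu": 1.0},
]


def audit_snapshot(snapshot, cpu_threshold=CPU_THRESHOLD):
    """Return [(pid, [reason, ...])] for processes that look like masqueraded or
    injected system processes.  This only reports: it never terminates a
    process, because killing one that malware has tied to a system process can
    crash the machine (the blue screen described above)."""
    by_pid = {p["pid"]: p for p in snapshot}
    findings = []
    for proc in snapshot:
        rule = EXPECTED.get(proc["name"].lower())
        if rule is None:
            continue
        reasons = []
        parent = by_pid.get(proc["ppid"])
        parent_name = parent["name"].lower() if parent else "<missing>"
        if parent_name not in rule["parents"]:
            reasons.append(f"unexpected parent {parent_name} "
                           f"(expected one of {sorted(rule['parents'])})")
        if ntpath.dirname(proc["path"]).lower() != rule["dir"]:
            reasons.append(f"unexpected path {proc['path']}")
        if proc["cpu"] >= cpu_threshold:
            reasons.append(f"sustained CPU {proc['cpu']:.1f}% in a system process")
        if reasons:
            findings.append((proc["pid"], reasons))
    return findings


if __name__ == "__main__":
    for pid, reasons in audit_snapshot(SNAPSHOT):
        print(f"pid {pid}:")
        for r in reasons:
            print(f"  - {r}")
```

On a live host the snapshot would come from the system's process list rather than a hard-coded table; the three checks (parent, image path, CPU) are the same, and a hit on any of them is a reason to collect memory and disk images before touching the process.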
Dexphot is very tricky and nasty. To prevent and stop it, you need to install powerful antivirus software; weak antivirus software is a bad choice because it can be bypassed and disabled easily. Kaspersky Lab, Avast, Trend Micro Security, and Norton are recommended based on strong test results and user reviews. Get a reliable security program, and never leave your computer unprotected.
Published by Emerson L. Sullivan & last updated on December 2, 2019 3:28 am