Dexphot malware infects 80,000 Microsoft computer, converts them into Bitcoin generators

Dexphot malware can reinstall itself just to make sure that the Bitcoin mining process runs without any interruption

Microsoft security engineers found a new strain of malware which infected computer and turned them to mine Bitcoin. While revealing this terrible news related to system hacking, Security researchers for Microsoft mentioned that the malware, called as Dexphot, has been infecting systems since at least October 2018 and in June it affected 80,000 different machines in all over the world.

It should be noted that after attacking the computers Dexphot quietly uses part of its computing power to mine Bitcoin, which can be generated through the completion of the large strings of calculations. The tech giant Microsoft stated that while Dexphot stands out for its sophistication and success, the number of infected systems has steadily decreased.

Russian Hackers to target 2020 Tokyo Olympics, reveals Microsoft
Microsoft said 80000 computers were hijacked by malware (Representational picture) Reuters

Modus operandi of Dexphot

This malware actually uses a cloaking technique called polymorphism which is responsible for constantly changing the Dexphot's footprint on a system and helps cloak it from antivirus software designed to recognize such attacks.

This method works to change key signatures from the code, once in every 20 to 30 minutes. As mentioned by the researchers this malware is also capable of reinstall itself incrementally to ensure the continuation of the Bitcoin mining process.

For almost a year, Microsoft tracked Dexphot malware by observing the combination of methods that let it slip through the cracks. Code obfuscation, randomized file names, encryption and deploying malicious code in computer's memory were among the methods used to avoid detection.

Hazel Kim, a malware analyst for the Microsoft Defender ATP Research Team told ZDNet that the goal of this malware is very common "one in cybercriminal circles - to install a coin miner that silently steals computer resources and generates revenue for the attackers," but Dexphot exemplifies the level of complexity and "rate of evolution of even everyday threats, intent on evading protections and motivated to fly under the radar for the prospect of profit."

Bitcoin and cybersecurity threat

Bitcoin Pixabay

Bitcoin is a cryptocurrency which is a decentralized digital currency without a central bank or single administrator that can be sent from user to user on the peer-to-peer bitcoin blockchain network without the need for intermediaries.

Earlier a cybersecurity firm Group-IB CEO Ilya Sachkov said, "Today cryptocurrency indeed represents one of the most confidential methods to transfer money, with the transactions being extremely hard to track down. However, it should be noted that bitcoin offers far less secrecy than other cryptocurrencies and cybercriminals know it and rely on less "mainstream" cryptocurrencies like Monero."

In this recent case, Dexphot malware was designed to mine bitcoin, which has become a regular feature in other scams, particularly sextortion scams that includes theft of private details and blackmailing of the victim.