Dofoil, aka Smoke Loader, the malware responsible for dropping a cryptocurrency miner for Electroneum coins, managed to infect almost 500,000 computers within just 12 hours.
First, we detected more than 80,000 infections with Dofoil, and then, within the next 12 hours, over 400,000 more instances were recorded.
After running a malware analysis on Dofoil, researchers found that all the infections rapidly spreading across Russia, Turkey, and Ukraine were carrying a digital coin-mining payload.
They did not manage to find out how these miners were delivered to such a massive audience in the first place in such a short period.
Dofoil uses a custom-made mining application that can mine different cryptocurrencies; in this campaign it is programmed to mine Electroneum coins only.
Such miners are very dangerous because they can reduce the lifespan of your device, and the processing power of every infected machine is also reduced. To stay away from such threats, we recommend installing an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS the device is running.
If you are a company, it is also recommended to hire a specialized cybersecurity company every year to run annual tests on your company's network. These tests include penetration testing and ethical hacking tests; they are essential because an infection with a malware coin miner is hazardous for every company.
Such an infection can render the entire company inoperable until it is cleared.
The Dofoil trojan uses an old code injection technique called process hollowing: it spawns a new instance of a legitimate process in a suspended state and replaces that process's code with its own malicious code, so that a security solution such as an antivirus only sees what looks like the legitimate process.
The hollowed process in this case is the legitimate Windows binary wuauclt.exe (the Windows Update client).
The hollowed process creates a copy of the original malware in the Roaming AppData folder, renames it to ditereah.exe, and then creates a registry key, or modifies an existing one, to point to the newly created copy of the malware.
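The two behaviours described above (a legitimate binary such as wuauclt.exe being spawned by an unexpected parent, and an executable dropped under Roaming AppData that is then referenced from a registry value) are the kind of thing a defender can correlate from endpoint telemetry. The following is an added example, not code from the article or from any vendor: it runs two simple correlation rules over a handful of constructed Sysmon-style events (field names follow Sysmon's ProcessCreate, FileCreate and RegistryValueSet events; the user, file paths, SID and the `Run\Updater` value name are made up, and treating any parent outside the Windows directory as suspicious for wuauclt.exe is a heuristic assumption of this example, not a statement from the article).

```python
import ntpath
from typing import Dict, List, Tuple

Event = Dict[str, str]

# Constructed Sysmon-style events for this example (not real telemetry).
# EventID 1 = ProcessCreate, 11 = FileCreate, 13 = RegistryValueSet.
# User name, SID, paths and the registry value name are all made up.
SAMPLE_EVENTS: List[Event] = [
    {"EventID": "1", "Image": r"C:\Users\alice\Downloads\invoice.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    # The dropper spawns a fresh wuauclt.exe (the process that gets hollowed).
    {"EventID": "1", "Image": r"C:\Windows\System32\wuauclt.exe",
     "ParentImage": r"C:\Users\alice\Downloads\invoice.exe"},
    # The hollowed process writes a copy of itself into Roaming AppData ...
    {"EventID": "11", "Image": r"C:\Windows\System32\wuauclt.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\ditereah.exe"},
    # ... and points a registry value at that copy (value name is an assumption).
    {"EventID": "13", "Image": r"C:\Windows\System32\wuauclt.exe",
     "TargetObject": r"HKU\S-1-5-21-EXAMPLE\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\alice\AppData\Roaming\ditereah.exe"},
    # Benign noise: a normal Windows Update client start and a settings file write.
    {"EventID": "1", "Image": r"C:\Windows\System32\wuauclt.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe"},
    {"EventID": "11", "Image": r"C:\Program Files\Editor\editor.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\Editor\settings.json"},
]

WINDOWS_DIR = "c:\\windows\\"
ROAMING_MARKER = "\\appdata\\roaming\\"


def suspicious_wuauclt_parents(events: List[Event]) -> List[str]:
    """Return parent images of wuauclt.exe starts whose parent lives outside
    the Windows directory. Heuristic: the Windows Update client is normally
    started by system components under C:\\Windows, not by user-space binaries."""
    hits: List[str] = []
    for e in events:
        if e.get("EventID") != "1":
            continue
        if ntpath.basename(e.get("Image", "")).lower() != "wuauclt.exe":
            continue
        parent = e.get("ParentImage", "")
        if not parent.lower().startswith(WINDOWS_DIR):
            hits.append(parent)
    return hits


def appdata_persistence(events: List[Event]) -> List[Tuple[str, str]]:
    """Return (registry object, dropped path) pairs where an .exe written under
    Roaming AppData is later referenced by the data of a registry value set."""
    dropped = set()
    for e in events:
        if e.get("EventID") == "11":
            path = e.get("TargetFilename", "").lower()
            if ROAMING_MARKER in path and path.endswith(".exe"):
                dropped.add(path)
    hits: List[Tuple[str, str]] = []
    for e in events:
        if e.get("EventID") != "13":
            continue
        data = e.get("Details", "").lower()
        for path in sorted(dropped):
            if path in data:
                hits.append((e.get("TargetObject", ""), path))
    return hits


def report(events: List[Event]) -> Dict[str, list]:
    """Run both rules and return their findings keyed by rule name."""
    return {
        "wuauclt_unexpected_parent": suspicious_wuauclt_parents(events),
        "appdata_exe_in_registry": appdata_persistence(events),
    }


if __name__ == "__main__":
    for rule, findings in report(SAMPLE_EVENTS).items():
        print(rule)
        for f in findings:
            print("  ", f)
```

Both rules work on the sequence of events rather than on a single indicator, so renaming the dropped file away from `ditereah.exe` or choosing a different registry value does not defeat them; what they key on is the relationship between a user-writable drop location and a registry value that points at it, plus the unusual parent of the hollowed process.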
This malware uses sophisticated obfuscation techniques, and only a top cybersecurity solution can eradicate a threat like this. Remember to use an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS your machine is running.
If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company's network; such tests include penetration testing and ethical hacking.