{"id":35465,"date":"2019-12-01T20:40:53","date_gmt":"2019-12-02T01:40:53","guid":{"rendered":"https:\/\/www.opensource.im\/uncategorized\/microsoft-reveals-how-it-caught-mutating-monero-mining-malware-with-machine-learning-the-next-web.php"},"modified":"2019-12-01T20:40:53","modified_gmt":"2019-12-02T01:40:53","slug":"microsoft-reveals-how-it-caught-mutating-monero-mining-malware-with-machine-learning-the-next-web","status":"publish","type":"post","link":"https:\/\/euvolution.com\/open-source-convergence\/machine-learning\/microsoft-reveals-how-it-caught-mutating-monero-mining-malware-with-machine-learning-the-next-web.php","title":{"rendered":"Microsoft reveals how it caught mutating Monero mining malware with machine learning &#8211; The Next Web"},"content":{"rendered":"<p><p>Microsoft's antivirus and malware division recently opened the bonnet on a malicious mutating cryptocurrency miner. The Washington-based big tech firm revealed how machine learning was crucial in stopping it from spreading further.<\/p>\n<p>According to the Microsoft Defender Advanced Threat Protection team, a new malware dubbed Dexphot has been infecting computers since last year, but since June 2019 has been burning out thanks to machine learning.<\/p>\n<p>Dexphot used a number of techniques, such as encryption, obfuscation layers, and randomized file names, to disguise itself and hijack legitimate systems. If successful, the malware would run a cryptocurrency miner on the device. What's more, a re-infection would be triggered if system admins detected it and attempted to uninstall it.<\/p>\n<p>Microsoft says Dexphot always uses a cryptocurrency miner, but doesn't always use the same one. 
XMRig and JCE Miner were shown to be used over the course of Microsoft's research.<\/p>\n<p>At its peak in June this year, 80,000 machines are believed to have displayed malicious behavior after being infected by Dexphot.<\/p>\n<p>Detecting and protecting against malware like Dexphot is challenging because it is polymorphic. This means the malware can change its identifiable characteristics to sneak past definition-based antivirus software.<\/p>\n<p>While Microsoft claims it was able to prevent infections in most cases, it also says its behavior-based machine learning models acted as a safety net when infections slipped through a system's primary defenses.<\/p>\n<p>In simple terms, the machine learning model works by analyzing the behavior of a potentially infected system rather than scanning it for known infected files, a safeguard against polymorphic malware. This means systems can be partly protected against unknown threats that use mechanics similar to other known attacks.<\/p>\n<p>On a very basic level, system behaviors like high CPU usage could be a key indicator that a device has been infected. When this is spotted, antivirus software can take appropriate action to curtail the threat.<\/p>\n<p>In the case of Dexphot, Microsoft says its machine learning-based detections blocked malicious system DLL (dynamic link library) files to prevent the attack in its early stages.<\/p>\n<p>Microsoft has not released any information on how much cryptocurrency was earned as a result of the Dexphot campaign. 
But thanks to Microsoft's machine learning strategy it seems to be putting a lid on it, as infections have dropped by over 80 percent.<\/p>\n<p>It seems that as long as there is cryptocurrency, bad actors will attempt to get their hands on it.<\/p>\n<p>Just yesterday, Hard Fork reported that the Stantinko botnet, that's infected 500,000 devices worldwide, has added a cryptocurrency miner to its batch of malicious files.<\/p>\n<p>Published November 27, 2019 09:27 UTC<\/p>\n<p>Read the rest here:<\/p>\n<p><a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/thenextweb.com\/hardfork\/2019\/11\/27\/microsoft-machine-learning-monero-mutating-miner-dexphot-malware\/\" title=\"Microsoft reveals how it caught mutating Monero mining malware with machine learning - The Next Web\">Microsoft reveals how it caught mutating Monero mining malware with machine learning - The Next Web<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> Microsoft's antivirus and malware division recently opened the bonnet on a malicious mutating cryptocurrency miner. 
<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27373],"tags":[],"class_list":["post-35465","post","type-post","status-publish","format-standard","hentry","category-machine-learning"],"_links":{"self":[{"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/posts\/35465"}],"collection":[{"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/comments?post=35465"}],"version-history":[{"count":0,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/posts\/35465\/revisions"}],"wp:attachment":[{"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/media?parent=35465"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/categories?post=35465"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/tags?post=35465"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}