Microsoft: 80,000 computers hijacked by malware and turned into Bitcoin generators

According to foreign media reports, Microsoft announced that a new malware is constantly infecting computers and forcing them to mine Bitcoin.

Microsoft security researchers said the malware, called Dexphot, had been infecting computers since at least October 2018 and hijacked 80,000 different computers at its peak in June. Once loaded onto a machine, Dexphot would quietly use some of its computing power to mine for Bitcoin.

Bitcoin is a cryptocurrency that is generated through a process called mining, which requires computers to complete a large number of calculations. Once these calculations are completed, Bitcoins are successfully generated.

While the number of infected computers has steadily declined as security professionals have adopted mitigations and countermeasures, Microsoft said Dexphot requires high attention. The software uses a stealth technique known as polymorphism, which constantly changes the malware's footprint on a computer and helps it hide from antivirus software designed to recognize patterns.

Dexphot’s camouflage method reportedly involves changing key signatures in the code every 20 to 30 minutes. The malware also employs techniques to gradually reinstall itself to ensure it stays on the computer long enough to mine Bitcoin.

"Dexphot is one of countless malware strains active at any given time," said Hazel Kim, a malware analyst at Microsoft's Defender ATP Research Team. "Its goal is very common in cybercriminal circles: to install a cryptocurrency miner that steals computer resources quietly and generates revenue for the attackers. However, Dexphot's daily threat is higher and evolves faster, with the intent to evade protection mechanisms."

Although the Dexphot malware was designed to mine Bitcoin, the cryptocurrency has become common in other scams, especially sextortion scams that attempt to extort users using blackmail. In these scams, users are told to pay a ransom via Bitcoin, which is untraceable, or the scammers will publish nude photos of the victim.