Since October 2018, Microsoft engineers have been tracking a new strain of malware specifically designed to target Windows machines.
As malware goes, this one isn’t particularly dangerous.
It’s not designed to mass delete files, lock your system down or flood you with pop-up ads.
Rather, its purpose is to install itself stealthily and live in the background where it will steal resources from your PC. It plans on using the resources to mine various forms of cryptocurrency on behalf of the malware’s owners, giving them a fat payday and you a frustratingly slow system.
The malware dubbed Dexphot started as a relatively minor threat, but the average number of infections per day grew steadily until mid-June 2019 before leveling off. At its peak, Dexphot boasted a botnet of some 80,000 computers, creating a globe-spanning network of cryptomining capability that rewarded the malware’s creators handsomely.
Although the type of attack the code relies on isn’t very newsworthy, the thing that caught the attention of Microsoft’s engineers was the complexity of the code.
The team tracking the malware had this to say about it:
“Dexphot is not the type of attack that generates mainstream media attention. It’s one of the countless malware campaigns that are active at any given time. Its goal is a very common one in cybercriminal circles – to install a coin miner that silently seals computer resources and generates revenue for the attackers. Yet Dexphot exemplifies the level of complexity and rate of evolution that even everyday threats, intent on evading protections and motivated to fly under the radar for the prospect of profit.”
The bottom line is, if you’ve noticed that several of the machines on your corporate network are running notoriously slowly, it’s worth doing a deep dive to make sure they haven’t been infected with something like this.