Microsoft has blocked a rapidly spreading malware outbreak that could have infected nearly 500,000 Windows PCs within hours on March 6.
The trojan, known as Dofoil or Smoke Loader, was designed to deliver a range of payload. However, in this case, it dropped a cryptocurrency miner on infected PCs, in order to earn those behind the trojan Electroneum coins from victims’ CPUs.
Microsoft’s Windows Defender antivirus initially detected 80,000 instances of several trojans with this payload at noon PST on March 6. Over the next 12 hours, Windows Defender detected over 400,000 encounters with the trojan, predominantly in Russia, but also in Turkey and Ukraine.