DelJo63
A very sophisticated and complex malware is in the wild -- robust at retaining control. Its goal -- crypto mining at your expense.
The gory details are at ZDnet.com, but here's a synopsis:
It's a form of a second-stage payload -- a type of malware that's dropped on systems that are already infected by other malware, like computers that were previously infected with ICLoader.
Dexphot file or operation would use a technique known as fileless execution to run inside the computer's memory only, making detection extremely difficult.
Dexphot would also employ a technique called "living off the land" (or LOLbins) to (ab)use legitimate Windows processes to execute malicious code, rather than run its own executables and processes.
Dexphot also employed a technique called polymorphism. This technique refers to malware that constantly changes its artifacts. According to Microsoft, Dexphot operators changed the file names and URLs used.
The malware used a technique called process hollowing to start two legitimate processes (svchost.exe and nslookup.exe), hollow their content, and run malicious code from within them.
Also working as a failsafe, Dexphot used a series of scheduled tasks to make sure the victim is filelessly reinfected after every reboot, or once every 90 or 110 minutes.
Again, see the ZDnet article for details.
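As an added example (not from the post or the ZDNet article), here is a small Python check a defender could run over exported Task Scheduler XML to flag the persistence pattern the synopsis describes: a boot or logon trigger combined with a short repetition interval such as 90 or 110 minutes. The task definitions below are constructed, and the 120-minute threshold is an assumption.

```python
# Added example: flag exported Task Scheduler definitions that combine reboot
# persistence with a short repeat interval. Sample task XML is constructed;
# the 120-minute threshold is an assumption, not a documented indicator.
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
SHORT_REPEAT_MINUTES = 120  # assumption: anything at or under 2 hours counts as short


def parse_iso_minutes(duration):
    """Convert a Task Scheduler duration such as PT90M or PT1H50M to minutes."""
    m = re.fullmatch(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?", duration)
    if not m:
        return None
    days, hours, mins, secs = (int(x) if x else 0 for x in m.groups())
    return days * 1440 + hours * 60 + mins + secs / 60


def assess_task(task_xml):
    """Return {'suspicious', 'reasons', 'command'} for one exported task definition."""
    root = ET.fromstring(task_xml)
    reasons, reboot, short_repeat = [], False, False
    triggers = root.find("t:Triggers", NS)
    for trig in (list(triggers) if triggers is not None else []):
        tag = trig.tag.split("}")[-1]  # strip the namespace from the trigger type
        if tag in ("BootTrigger", "LogonTrigger"):
            reboot = True
            reasons.append(f"reboot persistence via {tag}")
        interval = trig.find("t:Repetition/t:Interval", NS)
        minutes = parse_iso_minutes(interval.text.strip()) if interval is not None else None
        if minutes is not None and minutes <= SHORT_REPEAT_MINUTES:
            short_repeat = True
            reasons.append(f"{tag} re-runs every {minutes:g} minutes")
    # Record the launched command so an analyst can see what the task actually runs.
    cmd = " ".join(root.findtext(p, default="", namespaces=NS)
                   for p in ("t:Actions/t:Exec/t:Command", "t:Actions/t:Exec/t:Arguments")).strip()
    return {"suspicious": reboot and short_repeat, "reasons": reasons, "command": cmd}


# Constructed samples: one task that re-runs at boot and every 90 minutes, one daily task.
SUSPECT_TASK = """<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <BootTrigger><Enabled>true</Enabled></BootTrigger>
    <TimeTrigger><Repetition><Interval>PT90M</Interval></Repetition></TimeTrigger>
  </Triggers>
  <Actions><Exec><Command>CONSTRUCTED_LOADER.exe</Command><Arguments>PLACEHOLDER</Arguments></Exec></Actions>
</Task>"""
BENIGN_TASK = """<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><CalendarTrigger><ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay></CalendarTrigger></Triggers>
  <Actions><Exec><Command>updater.exe</Command></Exec></Actions>
</Task>"""

if __name__ == "__main__":
    for name, xml in (("suspect", SUSPECT_TASK), ("benign", BENIGN_TASK)):
        print(name, assess_task(xml))
```

On a live host the same function can be fed the output of `schtasks /query /xml` for each task; the reasons list tells the analyst which trigger produced the hit.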