Dexphot is transforming unsuspecting computers into its personal crypto mine.
A very particular type of malware has been lurking in the back corners of the internet for over a year now, according to Microsoft. In October of 2018, Microsoft began receiving surges of suspicious activity reports on thousands of devices, the exact specifications of which seemed to be shifting every 20-30 minutes. They named this malware “Dexphot,” and have been keeping a close watch on it ever since.
Since its initial discovery, Microsoft estimates that Dexphot has infected over 80,000 separate systems, with peak infection occurring this past June. Dexphot’s goal is to take control of an infected device, though unlike more overt malware that holds a system ransom, its aims are more subtle. Once Dexphot has established a presence in a system, it begins quietly installing background mining programs that siphon away the system’s resources to generate cryptocurrency for the hacker. This process, commonly referred to as “cryptojacking,” has become more common in the last few years. Generating crypto takes a lot of processing power, so it makes sense that a hacker would use a bunch of other people’s computers to do the deed instead of their own.
Dexphot is tricky; once it has its foothold, it can be very difficult to remove. Even if its files are deleted, it leaves seed files in monitoring services that will re-infect systems. If you suspect you’ve been infected by Dexphot or any similar malware, contact Microsoft right away.