A new report by Microsoft detailing the evolution of the Dexphot cryptomining malware highlights how even the more everyday cyber threats are becoming increasingly sophisticated. Dexphot was first detected in October of last year and has compromised tens of thousands of machines since then.
While Dexphot has received relatively little attention, it is a sophisticated polymorphic threat that uses extensive obfuscation to avoid detection, together with various methods for maintaining persistence on infected devices. Like many advanced malware strains, Dexphot is a fileless threat that runs solely in memory. It imitates legitimate processes, which not only makes it “harder to detect the malicious code while it’s running,” but also “harder to find useful forensics after the process has stopped.”