Dexphot Polymorphic Malware Shows Complexity of Everyday Threats
Ordinary malware can be a real nuisance to detect due to complex methods that allowed it to slip past security solutions. Dexphot is one such strain that managed to run attack routines on close to 80,000 machines earlier this year.
A Dexphot campaign was first spotted in October 2018 affecting thousands of computers, with attackers upgrading the malware over the following months to a level that left little to analyze.
The threat had a surge in mid-June this year, when it landed on tens of thousands of computers. Towards the end of the month the attacks subsided, less than 20,000 machines exhibiting Dexphot activity. By the end of July, the malware was seen on less than 10,000 machines every day. For about a year, security researchers at Microsoft tracked the malware observing the combination of methods that let it slip through the cracks.