Microsoft adds protection against “cryptojacking”

Through Windows Defender, and thanks to a collaboration with Intel, the company will fight malware that installs cryptocurrency miners on computers

Microsoft has reinforced the standard Windows antivirus, Microsoft Defender, with new functions that seek to prevent ‘cryptojacking’ attacks by using Intel’s Threat Detection Technology (TDT).

Cryptojacking is a type of malware that uses part of the computing power of infected computers to mine cryptocurrencies, such as bitcoin or ethereum. This type of attack increased 43% in the fourth quarter of 2020 compared to the previous period, according to data from Avira Protection Labs.

To protect users from this type of threat, Microsoft and Intel reached an agreement to integrate Intel’s processor-based threat detection technology into the antivirus.

Threat detection and protection

The integration of Intel’s Threat Detection Technology (TDT) into Microsoft Defender enables additional detection and protection functions against ‘cryptojacking’ through the use of machine learning, as the company reported in a statement.

TDT relies on hardware-based, low-level telemetry from the CPU’s performance monitoring unit (PMU), a component dedicated to collecting low-level information on performance and microarchitecture.

This system can detect, in real time, the footprint that cryptocurrency mining malware leaves in code execution, such as the repeated execution of mathematical calculations, “with minimal indirect expense,” according to the US company.

The new mechanism works even when obfuscation techniques are used or when malware hides within virtualized guests, “without the need for intrusive techniques such as code injection or performing complex hypervisor introspection.”

K. Tovar

Source: ChapuzasInformático
