Ochwepheshe bezokuphepha be-Microsoft baxwayise abasebenzisi mayelana nokuhlaselwa kwemvukuzi ye-cryptocurrency ebizwa ngokuthi i-Dexphot, ebiqondise amakhompyutha e-Windows kusukela ngo-Okthoba wonyaka odlule. Umsebenzi ophakeme wohlelo olungayilungele ikhompuyutha waqoshwa ngoJuni walo nyaka, lapho amakhompyutha angaphezu kuka-80 emhlabeni wonke angenwa yilesi sifo.
Umbiko uthi ukuze ingene kumakhompuyutha ezisulu, uhlelo olungayilungele ikhompuyutha lusebenzisa izindlela ezihlukahlukene ukuze ludlule ukuvikela, okuhlanganisa ukubethela, ukufihlwa, nokusetshenziswa kwamagama wefayela angahleliwe ukuze kufihlwe inqubo yokufaka. Kuyaziwa futhi ukuthi umvukuzi akasebenzisi noma yimaphi amafayela phakathi nenqubo yokuqalisa, enze ikhodi enonya ngokuqondile kumemori. Ngenxa yalokhu, ishiya imikhondo embalwa kakhulu ukurekhoda ubukhona bayo. Ukuze ugweme ukutholwa, i-Dexphot ibamba izinqubo ze-Windows ezisemthethweni, okuhlanganisa i-unzip.exe, rundll32.exe, msiexec.exe, njll.
Uma umsebenzisi ezama ukususa uhlelo olungayilungele ikhompuyutha, izinsiza zokuqapha ziyaqaliswa futhi kuphinde kuqalwe ukusuleleka. Umbiko uphawula ukuthi i-Dexphot ifakwe kumakhompyutha asevele angenwe yileli gciwane. Njengengxenye yomkhankaso wamanje, uhlelo olungayilungele ikhompuyutha lufinyelela kumasistimu atheleleke ngegciwane le-ICloader. Amamojula anonya alandwa kuma-URL ambalwa, aphinde asetshenziswe ukubuyekeza uhlelo olungayilungele ikhompuyutha futhi aphinde atheleleke.
βI-Dexphot akulona uhlobo lokuhlasela oluthola ukunakwa kwabezindaba. Lona omunye wemikhankaso eminingi osekunesikhathi eside ikhona. Inhloso yayo isabalele emibuthanweni yobugebengu bamakhompuyutha futhi ifinyelela ekufakeni umvukuzi we-cryptocurrency osebenzisa ngasese izinsiza zekhompyutha ukuze kuzuze abahlaseli,β kusho u-Hazel Kim, umhlaziyi we-malware e-Microsoft Defender ATP Research Group.
Source: 3dnews.ru