Microsoft adds protection against ‘cryptojacking’ to strengthen Windows antivirus

MADRID, April 27 (2021) –

Microsoft has strengthened Microsoft Defender, the standard Windows antivirus, with new functions intended to prevent ‘cryptojacking’ attacks, using Intel’s Threat Detection Technology (TDT).

Cryptojacking is a type of ‘malware’ that uses part of the computing power of infected computers to mine cryptocurrencies such as Bitcoin or Ethereum. These types of attacks increased 43 percent in the fourth quarter of 2020 compared to the previous period, according to data from Avira Protection Labs.

To protect users from these types of threats, Microsoft and Intel have reached an agreement to integrate the latter’s processor-based threat detection technology into Microsoft Defender, the standard Windows antivirus.

The integration of Intel Threat Detection Technology (TDT) in Microsoft Defender adds detection and protection functions against ‘cryptojacking’ through the use of machine learning, as Microsoft has reported in a statement.

TDT relies on low-level, hardware-based telemetry from the CPU’s performance monitoring unit (PMU), a component dedicated to collecting low-level information about performance and microarchitecture.

This system is capable of detecting, in real time, the footprint that cryptocurrency mining ‘malware’ leaves in code execution, such as the repeated execution of mathematical calculations, “with minimal indirect cost”, according to the American company.

The new mechanism works even when obfuscation techniques are used or when ‘malware’ is hiding within virtualized guests, “without the need for intrusive techniques such as code injection or complex hypervisor introspection.”

Intel’s system allows work to be offloaded to the graphics processing unit (GPU), providing continuous monitoring without overloading the device.

Although specifically geared towards detecting cryptocurrency mining ‘malware’, Microsoft’s new Defender technology also enables the detection of side-channel attacks and ‘ransomware’.

The new Intel TDT protection features are available to all Microsoft Defender users and work natively, without the need for additional configuration, on computers with 6th generation Intel Core and Intel vPro processors onwards.
