Microsoft Defender against cryptojacking

After the rise of digital currencies, many cybercriminals have turned their attention from ransomware to cryptojacking, that is, mining cryptocurrency with the resources of computers on which malware is installed. Microsoft has therefore decided to use Intel’s Threat Detection Technology (TDT) to detect these cryptominers with Defender for Endpoint.

 

Cryptominers are usually detected and blocked by antivirus software, but this type of malware is becoming increasingly difficult to detect. Microsoft says Defender for Endpoint (a corporate version of Defender Antivirus) is the best solution because Intel TDT can detect cryptominers that evade traditional security tools through obfuscation techniques.

 

Using machine learning, Intel TDT can detect malware by analysing telemetry received from the CPU. Cryptominers perform a series of mathematical calculations, and this activity can be recorded by the performance monitoring unit (PMU), which sends a signal when a certain limit is exceeded. Machine learning algorithms process this signal and recognise the miner’s fingerprint.
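The signal path described above, sketched as an added example (not Microsoft's or Intel's code): a counter emits a signal each time a limit is crossed, and a detector looks for a sustained, steady signal rate. The fixed rate-and-steadiness rule is an assumed stand-in for the machine learning model, and every counter value and threshold is constructed for illustration.

```python
from statistics import mean, pstdev

def overflow_signals(event_counts, limit):
    """Model a counter in sampling mode: accumulate events per interval and
    emit one signal for each time the running total crosses `limit`."""
    signals, acc = [], 0
    for count in event_counts:
        acc += count
        fired, acc = divmod(acc, limit)
        signals.append(fired)
    return signals

def window_features(signals, size):
    """Summarise each full window as (mean signal rate, coefficient of variation)."""
    feats = []
    for start in range(0, len(signals) - size + 1, size):
        window = signals[start:start + size]
        rate = mean(window)
        feats.append((rate, pstdev(window) / rate if rate else 0.0))
    return feats

def looks_like_miner(event_counts, limit=1000, size=5,
                     min_rate=3.0, max_cv=0.25, min_windows=2):
    """Flag a workload whose signal rate stays high and steady across
    consecutive windows. All thresholds are assumptions, not TDT values."""
    run = 0
    for rate, cv in window_features(overflow_signals(event_counts, limit), size):
        run = run + 1 if rate >= min_rate and cv <= max_cv else 0
        if run >= min_windows:
            return True
    return False

# Constructed per-interval event counts for three hypothetical processes.
MINER = [4100, 3950, 4020, 4080, 3990, 4010, 4060, 3970, 4040, 4000]  # tight hashing loop
BURSTY = [200, 9000, 150, 300, 8000, 100, 250, 7000, 180, 220]        # e.g. a compile job
IDLE = [50] * 10

if __name__ == "__main__":
    for name, trace in (("miner", MINER), ("bursty", BURSTY), ("idle", IDLE)):
        print(name, overflow_signals(trace, 1000), looks_like_miner(trace))
```

The bursty trace crosses the limit as often as the miner in its peak intervals, but its rate is neither sustained nor steady, which is why the check looks at a window of signals rather than a single threshold crossing.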

 

The technology was developed specifically to block cryptominers, but it could also detect side-channel and ransomware attacks with a minimal modification of the algorithm. Defender for Endpoint with Intel TDT is compatible with Intel Core processors and the Intel vPro platform except the 6th generation.