A cryptomining malware has infected at least 80k devices and uses various tactics to evade detection. Microsoft is warning of malware, Dexphot, that has infected more than 80,000 machines. The malware uses various methods to outwit detection efforts, including an obfuscated script designed to check for antivirus products, and regularly-scheduled malware updates. Dexphot uses process hollowing (a prevalent technique used by cybercriminals to hide malware within a legitimate system process by replacing the contents of that process with malicious code) to load executables onto infected systems.
Source: https://threatpost.com/dexphot-malware-cryptocurrency/150634/