Wednesday, 14 March 2018

Dofoil Malware (Smoke Loader): Infected MediaGet Update After Recent Cryptominer Outbreak



An infected update for the torrent client MediaGet is responsible for the large cryptominer outbreak that Microsoft warned last week. The software giant quickly discovered 400,000 cases of Dofoil malware on computers, which eventually downloaded the cryptominer.

Following screenshot is Dofoil Malware Timeline:


The cryptominer uses the computational power of the infected computers to mine cryptocurrencies. In particular computers in Russia, Turkey and Ukraine were affected by the malware. Dofoil, also known as Smoke Loader, normally spreads via infected e-mail attachments and exploit kits. Striking in the outbreak last week was that most infected files came from a process called mediaget.exe. MediaGet is a program to download torrents. In this case, the malware was not downloaded via infected torrents, but from the program itself.


Further research showed that it was a carefully planned attack, according to Microsoft . The attackers distributed an infected user update from February 12 to February 19 this year via the MediaGet update servers. This update installed a backed up version of the torrent client. From March 1 to March 6, this backdoor was then used to install malware among users. Microsoft says it has shared information with the MediaGet developers, but they have not yet reported the incident on their website.

No comments:

Post a Comment