400K Malware Outbreak Caused by Backdoored Russian Torrenting Client

Faybert

Jan 8, 2017
A massive malware outbreak that attempted to infect over 400,000 users during a 12-hour period was caused by a backdoored Russian-based BitTorrent client named MediaGet.

The outbreak happened last Tuesday, on March 6. Microsoft said that the Windows Defender team picked up and stopped a massive malware operation that came out of the blue and attempted to infect mostly Russian and Turkish users with the Dofoil (Smoke Loader) trojan.

Microsoft published an in-depth report of how the malware operated, revealing Dofoil would later try to download and install a Monero miner.

At the time, Microsoft did not reveal how Dofoil landed on users' computers, mainly because it was not entirely sure. Now, the company has published more details, and according to the Windows Defender team, the Dofoil malware landed on users' computers via a file named my.dat, created by mediaget.exe, the MediaGet BitTorrent client's binary.

MediaGet hack happened in mid-February
"Our continued investigation on the Dofoil outbreak revealed that the March 6 campaign was a carefully planned attack with initial groundwork dating back to mid-February," the Windows Defender team said today in a new report.

Microsoft alleges hackers broke into MediaGet's infrastructure, and sometime between February 12 and 19, attackers managed to replace the official MediaGet installer with one that also included a backdoor.

Hackers then allowed for a two-week window so users would install or update to the new MediaGet version, the one containing the backdoor.

...
...
...
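The report above gives one concrete host-level indicator: the Dofoil payload arrived as a file named my.dat written by mediaget.exe. The following detection sketch is an added example, not code from the article or from Microsoft's report. It runs that single pattern over a handful of constructed file-creation log lines; the line format (a Sysmon-style "FileCreate Image=... TargetFilename=..." record) and every path in the sample data are assumptions made for the example, not values taken from the incident.

```python
"""Flag the file-drop behaviour described in the Dofoil/MediaGet report:
mediaget.exe writing a file named my.dat. Added example; the log format and
the sample events below are constructed assumptions, not incident data."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed, Sysmon-style file-creation events (assumed format, not real logs).
SAMPLE_EVENTS = [
    r"FileCreate Image=C:\Users\alice\AppData\Local\MediaGet2\mediaget.exe "
    r"TargetFilename=C:\Users\alice\AppData\Local\MediaGet2\my.dat",
    r"FileCreate Image=C:\Program Files\Mozilla Firefox\firefox.exe "
    r"TargetFilename=C:\Users\alice\Downloads\report.pdf",
    r"FileCreate Image=C:\Users\bob\AppData\Local\MediaGet2\mediaget.exe "
    r"TargetFilename=C:\Users\bob\AppData\Local\MediaGet2\settings.ini",
    # Same pattern, different case: the check must be case-insensitive on Windows.
    r"FileCreate Image=C:\Users\bob\AppData\Local\Temp\MEDIAGET.EXE "
    r"TargetFilename=C:\Users\bob\AppData\Local\Temp\MY.DAT",
    "this line is not a FileCreate record and must be skipped, not crash the parser",
]

EVENT_RE = re.compile(r"^FileCreate Image=(?P<image>.+?) TargetFilename=(?P<target>.+)$")

# Indicator taken from the report: writer binary and dropped file name.
WRITER_NAME = "mediaget.exe"
DROPPED_NAME = "my.dat"


@dataclass(frozen=True)
class Finding:
    image: str
    target: str
    reason: str


def parse_event(line: str) -> Optional[Tuple[str, str]]:
    """Return (image, target) for a FileCreate record, or None for anything else."""
    m = EVENT_RE.match(line.strip())
    if m is None:
        return None
    return m.group("image"), m.group("target")


def basename(path: str) -> str:
    """Last path component, lower-cased; accepts both Windows and POSIX separators."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(lines: List[str]) -> List[Finding]:
    """Return one Finding per event where mediaget.exe created a my.dat file."""
    findings: List[Finding] = []
    for line in lines:
        parsed = parse_event(line)
        if parsed is None:
            continue  # malformed or unrelated record: skip rather than fail
        image, target = parsed
        if basename(image) == WRITER_NAME and basename(target) == DROPPED_NAME:
            findings.append(
                Finding(image, target, "mediaget.exe wrote my.dat (Dofoil drop pattern from the report)")
            )
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"ALERT: {f.reason}\n  image:  {f.image}\n  target: {f.target}")
```

The check matches only on the two file names the report gives, so it is narrow by design: a renamed dropper or a different writer would not trip it, and in practice it belongs next to the hash and code-signing checks on the installer itself rather than standing alone.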