Microsoft says toxic BitTorrent client caused huge Dofoil outbreak
15 Mar 2018
An attempt was detected last week to infect over 400,000 Windows PCs within hours last week.
The Dofoil outbreak was caused by an attack on an update server that replaced a BitTorrent client called MediaGet with a near look-alike but back-doored binary.
According to experts, the 'MediaGet update poisoning', as Microsoft calls it, explains why the large-scale attempt to spread a cryptocurrency miner mostly hit PCs in Russia, Turkey, and Ukraine.
According to commentators, MediaGet is a potentially unwanted application for Microsoft, but in this case, the Russian-developed BitTorrent client facilitated the attack.
According to Windows Defender researchers, the Dofoil outbreak was a priority as it could have just as easily dropped ransomware using the attack vector.
Microsfot researchers say the outbreak was not coming from torrent downloads and was not seen in other file-sharing apps. Rather the malware was coming from the process mediaget.exe.
"To set the stage for the outbreak, attackers performed an update poisoning campaign that installed a trojanized version of MediaGet on computers," the Windows Defender Research team wrote.
Experts point out that, crypto-jacking, has emerged as a threat in which a website or app injects a 'miner' onto the user's device, without the user's knowledge, to allow a remote attacker to tap into their phone or PC's resources for profit.
Microsoft's security team investigated the situation and uncovered a number of interesting trends related to the growing threat.
It may be noted that Microsoft is not against the concept of cryptocurrency, according to the report, but Microsoft says cybercriminals are giving cryptocurrencies a bad name, partly through ransomware that demands payment in the form of a digital currency, typically Bitcoin.
Along with the sharp increase in value of Bitcoin and some other digital coins, "these dynamics are driving cybercriminal activity related to cryptocurrencies and have led to an explosion of cryptocurrency miners," also known as cryptominers or coin miners.