Wednesday, March 14, 2018
Peer-to-peer App Kicked off Dofoil Coin Miner Outbreak


The BitTorrent client MediaGet was used as the delivery vehicle in a massive 'Dofoil' campaign that installed malicious cryptocurrency miners on hundreds of thousands of computers.

Interest in cryptocurrencies has led to an explosion of cryptocurrency miners (also called cryptominers or coin miners) in various forms. Mining is the process of running the computationally expensive calculations needed to maintain a blockchain ledger. The process is rewarded with coins, but it requires significant computing resources.

Coin miners are not inherently malicious. Some individuals and organizations invest in hardware and electric power for legitimate mining operations. Others, however, look for cheaper sources of computing power, and as a result coin miners find their way into corporate networks. Even when they carry no other malicious payload, such miners are unwanted in enterprise environments because they consume computing resources the business is paying for.

On March 7, Microsoft reported that a massive Dofoil campaign attempted to install malicious cryptocurrency miners on hundreds of thousands of computers.

Dofoil (also known as Smoke Loader) is traditionally distributed in multiple ways, including spam email and exploit kits. But in the outbreak that began on March 6, a pattern stood out: most of the malicious files were written by a process called mediaget.exe, the executable of the BitTorrent client MediaGet.
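The observation above (malicious files being written by mediaget.exe) is the kind of parent-process pattern that is easy to hunt for on endpoints with Sysmon logging. The following PowerShell is an added example, not Microsoft's or MediaGet's code; it assumes Sysmon is installed with a configuration that records FileCreate events (Event ID 11) in its default log, and the process name is a parameter so the same hunt works for any other updater.

```powershell
# Added example: list files written by a given process, using Sysmon
# FileCreate events (Event ID 11). ASSUMPTION: Sysmon is installed and its
# config logs FileCreate; 'Microsoft-Windows-Sysmon/Operational' is the
# default Sysmon log name.
function Get-FilesWrittenByProcess {
    param(
        [string]$ProcessName = 'mediaget.exe',
        [int]$MaxEvents = 5000
    )
    $filter = @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 11 }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction Stop |
        ForEach-Object {
            # Sysmon stores its fields as <Data Name="..."> elements; pull
            # them into a hashtable so Image and TargetFilename are easy to read.
            $x = [xml]$_.ToXml()
            $d = @{}
            foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
            [pscustomobject]@{
                Time   = $_.TimeCreated
                Image  = $d['Image']
                Target = $d['TargetFilename']
            }
        } |
        Where-Object {
            $_.Image -and ([IO.Path]::GetFileName($_.Image) -ieq $ProcessName)
        }
}

# Usage: show executable content dropped by mediaget.exe. The poisoned
# updater replaced mediaget.exe itself, so writes into the client's own
# install directory are listed too rather than filtered out.
Get-FilesWrittenByProcess |
    Where-Object { $_.Target -match '\.(exe|dll|scr)$' } |
    Sort-Object Time |
    Format-Table Time, Image, Target -AutoSize
```

A legitimate torrent client writes downloaded files all day, so the useful signal is not "mediaget.exe wrote a file" but "mediaget.exe wrote an executable, especially outside the user's download folders"; tune the final filter to the paths your environment expects.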

Microsoft says that during the outbreak, Dofoil did not appear to be arriving through torrent downloads. Instead, the attackers ran an update-poisoning campaign that installed a trojanized version of MediaGet. The legitimately signed mediaget.exe downloads an update.exe program and runs it; update.exe then installs a new mediaget.exe that has the same functionality as the original plus an additional backdoor capability.

According to Microsoft, update.exe is signed by a third-party software company that has nothing to do with MediaGet and is probably itself a victim of this plot. The attackers code-signed the executable with this unrelated certificate simply to pass the signature check performed by the original mediaget.exe, which suggests the updater verified only that the update carried a valid code signature, not that it was signed by MediaGet's own publisher.
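The difference between "is this file signed?" and "is this file signed by us?" is the whole security point of the update-poisoning described above. The PowerShell below is an added example, not MediaGet's updater or Microsoft's code; the file paths and the pinned thumbprint are placeholders (assumptions), and it relies only on the built-in Get-AuthenticodeSignature cmdlet.

```powershell
# Added example: the weak check an updater might perform (any valid
# Authenticode signature passes) beside a hardened check that pins the
# expected signer. ASSUMPTION: $ExpectedThumbprint is a placeholder; pin
# the real value taken from a known-good release binary.
$ExpectedThumbprint = '0000000000000000000000000000000000000000'

function Test-UpdateSignatureWeak {
    param([Parameter(Mandatory)][string]$Path)
    # Accepts any file with a valid signature, whoever the signer is.
    # A poisoned update signed with an unrelated company's certificate
    # passes this check.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    return ($sig.Status -eq 'Valid')
}

function Test-UpdateSignatureStrict {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Thumbprint
    )
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') { return $false }
    # Pin the signer: a valid signature from the wrong certificate fails.
    return ($sig.SignerCertificate.Thumbprint -eq $Thumbprint)
}

# Compare the signer of a candidate update with the signer of the binary
# already on disk; a publisher change is visible even without a pinned
# thumbprint.
function Compare-Signer {
    param(
        [Parameter(Mandatory)][string]$CurrentBinary,
        [Parameter(Mandatory)][string]$Candidate
    )
    $cur = Get-AuthenticodeSignature -FilePath $CurrentBinary
    $new = Get-AuthenticodeSignature -FilePath $Candidate
    [pscustomobject]@{
        CurrentSigner   = $cur.SignerCertificate.Subject
        CandidateSigner = $new.SignerCertificate.Subject
        CandidateStatus = $new.Status
        SameSigner      = ($cur.SignerCertificate.Thumbprint -eq $new.SignerCertificate.Thumbprint)
    }
}

# Usage (paths are assumptions, not MediaGet's real install location):
# Test-UpdateSignatureWeak   -Path 'C:\Program Files\MediaGet\update.exe'
# Test-UpdateSignatureStrict -Path 'C:\Program Files\MediaGet\update.exe' -Thumbprint $ExpectedThumbprint
# Compare-Signer -CurrentBinary 'C:\Program Files\MediaGet\mediaget.exe' -Candidate 'C:\Program Files\MediaGet\update.exe'
```

Pinning a thumbprint is the stricter option but needs a rotation plan when the publisher's certificate expires; pinning the subject name alone is weaker, because the string can be matched by a certificate issued to a lookalike organization. Either is far better than the status-only check, which is exactly what an unrelated company's certificate defeats.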

"The malware campaign used Dofoil to deliver CoinMiner, which attempted to use the victims' computer resources to mine cryptocurrencies for the attackers," Microsoft said. "The Dofoil variant used in the attack showed advanced cross-process injection techniques, persistence mechanisms, and evasion methods. Windows Defender ATP can detect these behaviors across the infection chain."

The trojanized mediaget.exe file is detected by Windows Defender AV as Trojan:Win32/Modimer.A.

For enhanced protection against Dofoil and other similar coin miners, Microsoft recommends Windows 10 S, which runs only apps from the Microsoft Store, blocking malware and other applications from unverified sources.
CDRINFO.COM 1998-2018 - All rights reserved.