Peer-to-peer App Kicked off Dofoil Coin Miner Outbreak


Enterprise & IT | Mar 14, 2018

BitTorrent client MediaGet was used in a massive 'Dofoil' campaign that installs malicious cryptocurrency miners on hundreds of thousands of computers.

The interest in cryptocurrencies has led to an explosion of cryptocurrency miners (also called cryptominers or coin miners) in various forms. Mining is the process of running the intensive calculations needed to maintain a blockchain ledger. This process rewards coins but requires significant computing resources.

Coin miners are not inherently malicious. Some individuals and organizations invest in hardware and electric power for legitimate coin mining operations. However, others are looking for alternative sources of computing power, and as a result some coin miners find their way into corporate networks. Even when not malicious, these coin miners are unwanted in enterprise environments because they eat up precious computing resources.

On March 7, Microsoft reported that a massive Dofoil campaign attempted to install malicious cryptocurrency miners on hundreds of thousands of computers.

Traditionally, Dofoil (also known as Smoke Loader) is distributed in multiple ways, including spam email and exploit kits. But in the outbreak that began on March 6, a pattern stood out: most of the malicious files were written by a process called mediaget.exe.

This process belongs to the BitTorrent client MediaGet.

Microsoft says that during the outbreak, Dofoil did not seem to be coming from torrent downloads. According to the company, the attackers performed an update-poisoning campaign that installed a trojanized version of MediaGet on computers. A signed mediaget.exe downloads an update.exe program and runs it on the machine to install a new mediaget.exe. The new mediaget.exe has the same functionality as the original but with additional backdoor capability.

Microsoft says that update.exe is signed by a third-party software company that is unrelated to MediaGet and is probably itself a victim of this plot. The executable was code-signed with a different certificate merely to pass the signature check that the original mediaget.exe performs on its updates: the check confirms that the file carries a valid signature, not that the signer is MediaGet's own publisher.
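The weakness described above is that a valid code signature only proves who signed a file, not that the signer is the vendor the application expects. The following is an added detection example written for this page, not code from Microsoft or from MediaGet: it scans constructed process-creation records (the field names and the publisher strings "MediaGet LLC (assumed)" and "Unrelated Software Co (placeholder)" are assumptions, not values from the report) and flags a watched, signed application that launches a binary it just dropped when that binary is signed by a different publisher or not signed at all.

```python
"""Flag the update-poisoning pattern: a signed client drops and runs an
updater carrying a different publisher's certificate.

Added example. The records below are constructed, not real telemetry,
and the field names are assumed; a real sensor (Sysmon-style process
creation events with signer information) would be mapped onto them.
"""
from dataclasses import dataclass
from typing import List, Set


@dataclass
class ProcessEvent:
    parent_image: str         # image that spawned the new process
    parent_signer: str        # publisher on the parent's code-signing cert ("" if unsigned)
    image: str                # image of the new process
    image_signer: str         # publisher on the new process's cert ("" if unsigned)
    dropped_by_parent: bool   # parent wrote this file shortly before launching it


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def find_suspicious_updates(events: List[ProcessEvent], watched: Set[str]) -> List[str]:
    """Return one finding per event in which a watched application launches a
    file it dropped whose signer identity differs from its own (including an
    unsigned file). Comparing publisher identities, rather than asking only
    "is it signed?", is what catches the pattern in the article."""
    findings = []
    for ev in events:
        if _basename(ev.parent_image) not in watched or not ev.dropped_by_parent:
            continue
        if ev.image_signer.strip().lower() != ev.parent_signer.strip().lower():
            findings.append(
                f"{ev.parent_image} ({ev.parent_signer or 'unsigned'}) launched "
                f"{ev.image} signed by {ev.image_signer or 'nobody'}"
            )
    return findings


# Constructed sample telemetry (not real data).
SAMPLE_EVENTS = [
    # benign: updater signed by the same publisher as the client
    ProcessEvent(r"C:\Program Files\MediaGet\mediaget.exe", "MediaGet LLC (assumed)",
                 r"C:\Users\u\AppData\Local\Temp\update.exe", "MediaGet LLC (assumed)", True),
    # the pattern from the article: signed client runs an updater that carries
    # an unrelated third party's certificate
    ProcessEvent(r"C:\Program Files\MediaGet\mediaget.exe", "MediaGet LLC (assumed)",
                 r"C:\Users\u\AppData\Local\Temp\update.exe",
                 "Unrelated Software Co (placeholder)", True),
    # unsigned file dropped and run by the client
    ProcessEvent(r"C:\Program Files\MediaGet\mediaget.exe", "MediaGet LLC (assumed)",
                 r"C:\Users\u\AppData\Local\Temp\x.exe", "", True),
    # unrelated process, not in the watch list, ignored
    ProcessEvent(r"C:\Windows\explorer.exe", "Microsoft Windows",
                 r"C:\Windows\notepad.exe", "Microsoft Windows", False),
]

if __name__ == "__main__":
    for line in find_suspicious_updates(SAMPLE_EVENTS, {"mediaget.exe"}):
        print("ALERT:", line)
```

Run against the sample events, the first (same-publisher) record passes and the two remaining MediaGet records are reported. The watch list is deliberately explicit: the check is meant for applications known to self-update, where a change of signer between the client and its updater is itself the signal.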

"The malware campaign used Dofoil to deliver CoinMiner, which attempted to use the victims' computer resources to mine cryptocurrencies for the attackers," Microsoft said. "The Dofoil variant used in the attack showed advanced cross-process injection techniques, persistence mechanisms, and evasion methods. Windows Defender ATP can detect these behaviors across the infection chain."

The trojanized mediaget.exe file is detected by Windows Defender AV as Trojan:Win32/Modimer.A.

For enhanced security against Dofoil and other similar coin miners, Microsoft recommends Windows 10 S, which exclusively runs apps from the Microsoft Store, effectively blocking malware and applications from unverified sources.

Tags: Cyber Attack, malware