Microsoft says nearly 400,000 devices could have been infected with unauthorized Bitcoin-mining malware through an update of MediaGet.
Russian-based BitTorrent client MediaGet is getting a lot of attention in the news. Unfortunately, it is for reasons its developers likely don't want. ZDNet is reporting that a poisoned update from the BitTorrent client helped spread the Dofoil malware. From the report:
The Dofoil outbreak that attempted to infect over 400,000 Windows PCs within hours last week was caused by an attack on an update server that replaced a BitTorrent client called MediaGet with a near-identical but back-doored binary.
The ‘MediaGet update poisoning’, as Microsoft calls it, explains why the large-scale attempt to spread a cryptocurrency miner predominantly hit PCs in Russia, Turkey, and Ukraine.
Microsoft treats MediaGet as a potentially unwanted application, but in this case the Russian-developed BitTorrent client was a bridge to victims.
As Windows Defender researchers have highlighted, the Dofoil outbreak was a priority because it could have just as easily dropped ransomware using the attack vector.
We tried looking for a response from MediaGet; however, the official home page no longer loads and the Twitter account is no longer active.
Drew Wilson on Twitter: @icecube85 and Google+.