Poisoned BitTorrent Client Blamed for Spread of Malware

Drew Wilson | March 19, 2018

Microsoft says nearly 400,000 devices could have been infected with unauthorized Bitcoin mining due to an update of MediaGet.

Russian-based BitTorrent client MediaGet is getting a lot of attention in the news. Unfortunately, it is for reasons they likely don’t want. ZDNet is reporting that a poisoned update from the BitTorrent client helped spread the Dofoil malware. From the report:

“The Dofoil outbreak that attempted to infect over 400,000 Windows PCs within hours last week was caused by an attack on an update server that replaced a BitTorrent client called MediaGet with a near-identical but back-doored binary.

“The ‘MediaGet update poisoning’, as Microsoft calls it, explains why the large-scale attempt to spread a cryptocurrency miner predominantly hit PCs in Russia, Turkey, and Ukraine.

“Microsoft treats MediaGet as a potentially unwanted application, but in this case the Russian-developed BitTorrent client was a bridge to victims.

“As Windows Defender researchers have highlighted, the Dofoil outbreak was a priority because it could have just as easily dropped ransomware using the attack vector.”

We tried looking for a response from MediaGet; however, the official home page no longer loads and the Twitter account is no longer active.

Drew Wilson on Twitter: @icecube85 and Google+.