Poisoned BitTorrent Client Blamed for Spread of Malware

Microsoft says nearly 400,000 devices could have been infected with unauthorized Bitcoin mining due to an update of MediaGet.

Russian-based BitTorrent client MediaGet is getting a lot of attention in the news. Unfortunately, it is for reasons they likely don’t want. ZDNet is reporting that a poisoned update from the BitTorrent client helped spread the Dofoil malware. From the report:

The Dofoil outbreak that attempted to infect over 400,000 Windows PCs within hours last week was caused by an attack on an update server that replaced a BitTorrent client called MediaGet with a near-identical but back-doored binary.

The ‘MediaGet update poisoning’, as Microsoft calls it, explains why the large-scale attempt to spread a cryptocurrency miner predominantly hit PCs in Russia, Turkey, and Ukraine.

Microsoft treats MediaGet as a potentially unwanted application, but in this case the Russian-developed BitTorrent client was a bridge to victims.

As Windows Defender researchers have highlighted, the Dofoil outbreak was a priority because it could have just as easily dropped ransomware using the attack vector.

We tried looking for a response from MediaGet; however, the official home page no longer loads and the Twitter account is no longer active.

Drew Wilson on Twitter: @icecube85 and Google+.
