A large malware outbreak last week that spread cryptocurrency-mining malware to 400,000 computers within a few hours was traced to a backdoored version of the BitTorrent client MediaGet. The malware, also known as Dofoil or Smoke Loader, drops a cryptocurrency miner as its payload on infected Windows machines, which then mines Electroneum (a digital coin) using the victims' CPU cycles.
The Smoke Loader campaign was uncovered by Microsoft's Windows Defender research team; it affected computers in Ukraine, Russia and Turkey. The Defender team blocked the campaign before any severe damage could be done.
The malware reached this large audience in about 12 hours, and Microsoft did not initially say how this happened.
A few days later, after investigating, Microsoft disclosed that the attack targeted the update mechanism of the MediaGet software and used it to push the trojanized software to users.
“A signed mediaget.exe downloads an update.exe program and runs it on the machine to install a new mediaget.exe. The new mediaget.exe program has the same functionality as the original but with additional backdoor capability,” the research team explained in a blog post published on 14 March.
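As an added example (not from the article or from Microsoft), here is a small Python triage check over constructed process-creation events that surfaces the chain the quote describes: an application launching a helper that then starts a binary with the application's own file name. It is a hunting heuristic, not a signature: legitimate self-updaters produce the same chain, so each hit still needs review of the new binary's signer and where it came from.

```python
import ntpath
from typing import Dict, List

# Constructed sample process-creation events (not from the article).
# Format: time|pid|parent_pid|image path. Rows 1-3 model the MediaGet chain;
# row 4 is unrelated background activity.
SAMPLE_EVENTS = """\
10:00:01|100|50|C:\\Program Files\\MediaGet\\mediaget.exe
10:00:05|200|100|C:\\Users\\u\\AppData\\Local\\Temp\\update.exe
10:00:09|300|200|C:\\Program Files\\MediaGet\\mediaget.exe
10:05:00|400|50|C:\\Windows\\notepad.exe
"""


def parse_events(text: str) -> List[Dict[str, str]]:
    """Parse the pipe-separated sample format into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, pid, ppid, image = line.split("|", 3)
        events.append({"ts": ts, "pid": pid, "ppid": ppid, "image": image})
    return events


def find_self_replacing_updates(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Flag app -> helper -> app chains: a process spawns a differently named
    helper, and that helper starts a binary carrying the original's file name.
    ntpath.basename is used so Windows paths parse on any host."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for child in events:
        helper = by_pid.get(child["ppid"])
        app = by_pid.get(helper["ppid"]) if helper else None
        if app is None:
            continue
        child_name = ntpath.basename(child["image"]).lower()
        helper_name = ntpath.basename(helper["image"]).lower()
        app_name = ntpath.basename(app["image"]).lower()
        if child_name == app_name and helper_name != app_name:
            findings.append({"ts": child["ts"], "app": app["image"],
                             "helper": helper["image"], "relaunched": child["image"]})
    return findings


if __name__ == "__main__":
    for f in find_self_replacing_updates(parse_events(SAMPLE_EVENTS)):
        print(f"{f['ts']} {f['app']} -> {f['helper']} -> {f['relaunched']}")
```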