Attacker pushes trojanized BitTorrent software, infects nearly 500,000 computers within 12 hours
According to a March 14 report by thehackernews, a large-scale malware intrusion hit Russia and central Europe last week: nearly 500,000 computers were infected with cryptocurrency-mining software within a few hours. Microsoft did not immediately explain the cause of the incident, but it has since been revealed that the infections came from a backdoored version of the MediaGet BitTorrent client.
According to Microsoft, the attacker pushed a trojanized version of the client (mediaget.exe) to users' computers through the MediaGet BitTorrent software's own update mechanism. The new mediaget.exe has the same functionality as the original program but carries additional backdoor functionality.
Image: Microsoft
Once users install the update, the backdoored BitTorrent client connects at random to one of four Command & Control (C&C) servers hosted on distributed Namecoin network infrastructure and listens for new commands. The malware then immediately downloads mining components from the C&C server and begins using the infected computer to mine cryptocurrency. Through the C&C server, the attacker can also instruct infected systems to download and install other malware from remote URLs.
Source: thehackernews