Jump to content

Invite Scene - #1 to Buy, Sell, Trade or Find Free Torrent Invites

#1 TorrentInvites Community. Buy, Sell, Trade or Find Free Torrent Invites for Every Private Torrent Trackers. HDB, BTN, AOM, DB9, PTP, RED, MTV, EXIGO, FL, IPT, TVBZ, AB, BIB, TIK, EMP, FSC, GGN, KG, MTTP, TL, TTG, 32P, AHD, CHD, CG, OPS, TT, WIHD, BHD, U2 etc.

LOOKING FOR HIGH QUALITY SEEDBOX? EVOSEEDBOX.COM PROVIDES YOU BLAZING FAST & HIGH END SEEDBOXES | STARTING AT $5.00/MONTH!

Microsoft: Poisoned Torrent Client Triggered Coin Miner Outbreak

Len

By Len
in BitTorrent World Discussion

 Share

Recommended Posts

Len Newbie

Len

Posted
Posted

A poisoned version of MediaGet, an all-in-one BitTorrent client developed in Russia, was used to offload malicious cryptocurrency miners. According to research from Microsoft, the application helped to kick off the Dofoil campaign that targeted hundreds of thousands of computers. Mediaget says that the issue has been fully resolved at their end.

mediaget.pngFirst released in 2010, MediaGet has been around for a while. Initially, the torrent client was available in Russian only, but the team later expanded its reach across the world.

While it’s a relatively small player, it has been installed on millions of computers in recent years. It still has a significant reach, which is what Microsoft also found out recently.

This week the Windows Defender Research team reported that a poisoned version of the BitTorrent client was used to start the Dofoil campaign, which attempted to offload hundreds of thousands of malicious cryptocurrency miners.

Although Windows Defender caught and blocked the culprit within milliseconds, the team further researched the issue to find out how this could have happened.

It turns out that the update process for the application was poisoned. This then enabled a signed version of MediaGet to drop off a compromised version, as can be seen in the diagram below.

“A signed mediaget.exe downloads an update.exe program and runs it on the machine to install a new mediaget.exe. The new mediaget.exe program has the same functionality as the original but with additional backdoor capability,” Microsoft’s team explains.

 

The update poisoning
 
mediagetdiagram.png

 

The malicious MediaGet version eventually triggered the mass coin miner outbreak. Windows Defender Research stresses that the poisoned version was signed by a third-party software company, not MediaGet itself.

Once the malware was launched the client built a list of command-and-control servers, using embedded NameCoin DNS servers and domains with the non-ICANN-sanctioned .bit TLD, making it harder to shut down.

More detailed information on the attack and how Dofoil was used to infect computers can be found in Microsoft’s full analysis.

MediaGet informs TorrentFreak that hackers compromised the update server to carry out their attack.

“Hackers got access to our update server, using an exploit in the Zabbix service and deeply integrated into our update mechanics. They modified the original version of Mediaget to add their functionality,” MediaGet reveals.

The company says that roughly five percent of all users were affected by the compromised update servers. All affected users were alerted and urged to update their software.

The issue is believed to be fully resolved at MediaGet’s end and they’re working with Microsoft to take care of any copies that may still be floating around in the wild.

“We patched everything and improved our verification system. To all the poisoned users we sent the message about an urgent update. Also, we are in contact with Microsoft, they will clean up all the poisoned versions,” MediaGet concludes.

https://torrentfreak.com/microsoft-poisoned-torrent-client-triggered-coin-miner-outbreak-180315/

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Check out what our members are saying

    tiziano21211
    Fast, responsive and patient. I had the item exactly as described, and worked with me to get everything set up. I would buy from you again.
    arispale
    great service ! superb speed !! top !!!
    jagoo1699
    Hello. A++ transaction. This was top notch communication and walk through from Inviter from start to finish. I successfully registered and am loving access to a really good one.…
    Carlos Flores
    I didn't have much expectation at first but then I got what I was looking for and super fast with an excellent service. Keep the good work. I'm glad this site exist
    Candlemaker
    Purchased a CGPeers invite from Inviter furthermore got a prompt response. Thanks very much; I'm looking forward to my time here.
    77884561
    The whole transaction process went smoothly, very pleasant
    GeraldReite
    Speedy and responsive, excellent rates, have ordered my invites and have not had any issues! 10/10 recommend!
    test1231
    Great Service, very prompt reply and solving queries. 
    eggsorer
    Sent the invite fairly quickly, and sent very short, straight to the point, concise messages.
    mrlovelife
    Good place to buy real legit torrent invites, providing friendly and responsive help if required nice effort mainlining this site, keep up the good work :)
    Skavv
    First exchange I made, reasonable price, convenient payment method, simple and instant reactivity, no problem at all.
    Silvernon
    Awesome service. Thanks.
    Serrak
    It's the first time I ever bought an invite for a private tracker, but after seeing as how certain private trackers are impossible to get into unless you know somehow or have so…
    21freckles
    Very prompt and professional.
    cnstradu
    Fairness, speed, professionalism, reasonable price and especially trustworthy. I bought it from you and I will do it again. Thank you.
    Henry Adams
    came on this scene thinking it may be a bit seedy but i found the absolute opposite. Inviter reached out and gave better customer service than pretty much all other services i'v…
    divyangtyagi1412
    Inviter provides lower prices than other providers and other forum owners by a higher margin. He is the man to buy from if you are looking for a torrent invites to any website h…
    Southey
    Superfast communication, very fair and reasonable pricing. I would highly recommend it to anyone that needs a torrent invite 🙂
    concept
    Inviter had a rare invite, reasonable price, responded quickly, and is trustworthy. This is only my first transaction, but it won't be my last. Thanks again!
    didako014
    Absolutely great, Inviter is very fast and nice when solving queries. I received my invite immediately, thank you so much!
    anthonysteven
    Il migliore venditore, 100%
    kenpark
    Prefect and always a great communicator from start to finish will use again A+ for service and support 
    uG#38S
    Everything went perfectly. I got a torrent of a childhood TV Show that I couldn't find anywhere else, legal or otherwise.
    inann
    Trustable seller, 100% money back guaranteed. Traded ptp, bibliotik and cinematik.
    cprado
    Inviter is a professional in a world of shady dealers. He is 100% honest and he always does what he says he will. It is the nature of buying invites and accounts that there will …
    GreenGrass
    Smooth transaction, no complaints at all. Highly recommended!
    DMcanelo
    Definitely, you can trust him. Fast and efficient. 
    rycaholix1985
    Did not take long to get my desired account.  Good job to @Inviter , for allowing a quick and painless way of getting my account.  Thanks again.

  • Our picks

    View All
×
×
  • Create New...