Nearly 400,000 users were affected when it emerged that a large, chained malware attack had just taken place. The operation behind the outbreak is believed to have originated in Russia, and MediaGet, a BitTorrent client popular with Russian users, was identified as the delivery vehicle. It is still unclear how many accounts actually had sensitive information exposed or stolen in the attack.
The outbreak is believed to have begun on or about March 6, when several users complained that their systems were showing unusual signs of compromise. Microsoft released a statement the same day saying that Windows Defender had detected and contained a large malware operation that had appeared without warning. The attack is believed to have targeted mostly users in Russia and Turkey. The malware is Dofoil (also known as Smoke Loader), a trojan that infects a computer and, according to the report, then moves on to other systems on the same network; machines plugged into shared networks are said to have been hit hardest.
A few hours later, Microsoft published an in-depth report on how the malware operated and why the attack had probably succeeded at all. Microsoft acknowledged that a faster reaction would have spared many users and their PCs from infection.
The report also notes that this may not have been a simple malware attack: Dofoil can attempt to reinstall itself (that is, it maintains persistence), and it also tries to install a cryptocurrency miner. Bundling a cryptominer has been a distinctive feature of many malware campaigns since mid-2017, with the trojan delivered first and the miner installed concurrently on the infected PC. Increasingly, these trojans act as loaders whose main job is to plant miners on the machines they infect.
Exactly how the malware reached the targeted users' PCs is still unclear. It is believed, however, that MediaGet generated a file named my.dat that was attached to files users downloaded manually from various torrent sites.