Hunting down Dofoil with Windows Defender ATP

Dofoil is a sophisticated threat that attempted to install coin miner malware on hundreds of thousands of computers in March 2018. In previous blog posts we detailed how behavior monitoring and machine learning in Windows Defender AV protected custome… Continue reading Hunting down Dofoil with Windows Defender ATP

Poisoned BitTorrent client kickstarted malware outbreak that tried to infect 400,000 PCs

Microsoft has detailed how it intercepted a massive malware distribution campaign on March 6th which attempted to infect over 400,000 Windows PCs with cryptomining software in a single 12-hour period.
Read more in my article on the Tripwire State of Se… Continue reading Poisoned BitTorrent client kickstarted malware outbreak that tried to infect 400,000 PCs

Trojanized BitTorrent Software Update Hijacked 400,000 PCs Last Week

A massive malware outbreak that last week infected nearly half a million computers with cryptocurrency mining malware in just a few hours was caused by a backdoored version of a popular BitTorrent client called MediaGet.

Dubbed Dofoil (also known as Smo… Continue reading Trojanized BitTorrent Software Update Hijacked 400,000 PCs Last Week

Poisoned peer-to-peer app kicked off Dofoil coin miner outbreak

On March 7, we reported that a massive Dofoil campaign attempted to install malicious cryptocurrency miners on hundreds of thousands of computers. Windows Defender Antivirus, with its behavior monitoring, machine learning technologies, and layered appr… Continue reading Poisoned peer-to-peer app kicked off Dofoil coin miner outbreak

Invisible resource thieves: The increasing threat of cryptocurrency miners

The surge in Bitcoin prices has driven widescale interest in cryptocurrencies. While the future of digital currencies is uncertain, they are shaking up the cybersecurity landscape as they continue to influence the intent and nature of attacks. Cybercri… Continue reading Invisible resource thieves: The increasing threat of cryptocurrency miners

fake eFax message from “0300 200 3835” – 2 page(s) malspam delivers smoke /sharik /dofoil and Trickbot

An email with the subject of eFax message from “0300 200 3835” – 2 page(s), pretending to come from eFax but actually coming from a look-alike domain eFax <message@mail.efaxcorporate254.top>, with a malicious Word doc attachment is today’s latest spoof of a well known company, bank or public authority delivering Sharik /Smoke Continue reading fake eFax message from “0300 200 3835” – 2 page(s) malspam delivers smoke /sharik /dofoil and Trickbot

Fake / Spoofed HM Land Registry Notification of direct debit of fees delivers malware

An email with the subject of Notification of direct debit of fees, pretending to come from HM Land Registry but actually coming from a look-alike domain <noreply.efees@landregistrygov160.top>, with a malicious Word doc attachment is today’s latest spoof of a well known company, bank or public authority delivering malware. In today’s case Continue reading Fake / Spoofed HM Land Registry Notification of direct debit of fees delivers malware

Smoke Loader – downloader with a smokescreen still alive

This time we will have a look at another payload from the recent RIG EK campaign. It is Smoke Loader (also known as Dofoil), a bot created several years ago. One of its early versions was advertised on the black market in 2011. Continue reading Smoke Loader – downloader with a smokescreen still alive

MSRT April release features Bedep detection

As part of our ongoing effort to provide better malware protection, the Microsoft Malicious Software Removal Tool (MSRT) release this April will include detections for: Win32/Bedep (Trojan family), Win32/Upatre (Trojan family) and Ransom:MSIL/Samas (Ransomware family). In this blog, we’ll focus on the Bedep family of trojans. The bothersome Bedep: Win32/Bedep was first… Continue reading MSRT April release features Bedep detection