Collaborate Disseminate
Dofoil is a sophisticated threat that attempted to install coin miner malware on hundreds of thousands of computers in March, 2018. In previous blog posts we detailed how behavior monitoring and machine learning in Windows Defender AV protected custome… Continue reading Hunting down Dofoil with Windows Defender ATP
Microsoft has detailed how it intercepted a massive malware distribution campaign on March 6th which attempted to infect over 400,000 Windows PCs with cryptomining software in a single 12 hour period.
Read more in my article on the Tripwire State of Se… Continue reading Poisoned BitTorrent client kickstarted malware outbreak that tried to infect 400,000 PCs
A massive malware outbreak that last week infected nearly half a million computers with cryptocurrency mining malware in just a few hours was caused by a backdoored version of popular BitTorrent client called MediaGet.
Dubbed Dofoil (also known as Smo… Continue reading Trojanized BitTorrent Software Update Hijacked 400,000 PCs Last Week
On March 7, we reported that a massive Dofoil campaign attempted to install malicious cryptocurrency miners on hundreds of thousands of computers. Windows Defender Antivirus, with its behavior monitoring, machine learning technologies, and layered appr… Continue reading Poisoned peer-to-peer app kicked off Dofoil coin miner outbreak
The surge in Bitcoin prices has driven widescale interest in cryptocurrencies. While the future of digital currencies is uncertain, they are shaking up the cybersecurity landscape as they continue to influence the intent and nature of attacks. Cybercri… Continue reading Invisible resource thieves: The increasing threat of cryptocurrency miners
An email with the subject of eFax message from “0300 200 3835” – 2 page(s) pretending to come from efax but actually coming from a look alike domain eFax <message@mail.efaxcorporate254.top> with a malicious word doc attachment is today’s latest spoof of a well known company, bank or public authority delivering Sharik /Smoke … Continue reading → Continue reading fake eFax message from “0300 200 3835” – 2 page(s) malspam delivers smoke /sharik /dofoil and Trickbot
An email with the subject of Notification of direct debit of fees pretending to come from HM Land Registry but actually coming from a look alike domain <noreply.efees@landregistrygov160.top> with a malicious word doc attachment is today’s latest spoof of a well known company, bank or public authority delivering malware. in today’s case … Continue reading → Continue reading Fake / Spoofed HM Land Registry Notification of direct debit of fees delivers malware
This time we will have a look at another payload from recent RIG EK campaign. It is Smoke Loader (also known as Dofoil), a bot created several years ago. One of its early versions was advertised on the black marker in 2011.Categories: Malware
Threat a… Continue reading Smoke Loader – downloader with a smokescreen still alive
As part of our ongoing effort to provide better malware protection, the Microsoft Malicious Software Removal Tool (MSRT) release this April will include detections for: Win32/Bedep – Trojan family Win32/Upatre – Trojan family Ransom:MSIL/Samas – Ransomware family In this blog, we’ll focus on the Bedep family of trojans. The bothersome Bedep Win32/Bedep was first… Continue reading MSRT April release features Bedep detection