DirtyMoe Cryptojacking and DDoS Malware Infects Thousands of Ukrainian Computers

Over 2,000 computers in Ukraine have been infected with DirtyMoe malware, the Computer Emergency Response Team of Ukraine (CERT-UA) warns.

“As part of a detailed study of the cyber threat, a study of the received samples of malicious programs was conducted, the peculiarities of the functioning of the management server infrastructure were established, and more than 2,000 affected computers were identified in the Ukrainian segment of the Internet,” reads a CERT-UA security advisory.

Worm-like Dissemination on Compromised Systems

The malware strain, first spotted in 2016, lets threat actors carry out DDoS attacks and cryptojacking on compromised devices. Security experts pointed out that the malware can leverage known security flaws to spread on compromised systems in a worm-like fashion.

“DIRTYMOE has functionality for self-propagation by selecting authentication data and/or exploiting a number of vulnerabilities both in relation to computers located in a local computer network and computers based on a list of IP addresses, which is formed according to a separate algorithm depending on the "external" IP -addresses of the affected object,” researchers explain.

Paired With Other Malware for Delivery

Historically, DirtyMoe has piggybacked on a malware strain called Purple Fox to reach the targeted devices. To make matters worse, Purple Fox has rootkit capabilities, letting perpetrators evade detection, and making it difficult to remove.

Sometimes, threat actors obfuscate it under phony MSI installer packages such as Discord, Telegram or other popular software.

Initial Vector Still Unknown

Researchers attributed the malicious campaign to the UAC-0027 threat actors and have yet to discover the initial access vector. CERT-UA recommends isolating vulnerable devices, such as those running outdated operating systems, either virtually or physically, and implementing filtering for both incoming and outgoing traffic.

CERT-UA’s advisory encompasses comprehensive technical details about the malware, indicators of compromise and an extensive list of IP addresses of intermediate control nodes associated with DirtyMoe.

Keeping Safe Against DirtyMoe and Other Malware

Specialized security software such as Bitdefender Ultimate Security can protect you from digital threats like DirtyMoe. It encompasses robust detection and protection modules that can fend off viruses, rootkits, Trojans, worms, zero-day exploits, spyware, ransomware and other e-threats.