Internet Providers Caught Deploying Crypto Mining Malware

As if it weren’t bad enough that hackers and dodgy websites are trying to hijack your computer hardware to mine crypto coins, ISPs have now been discovered doing it as well. Governments, or agencies closely linked to them, have been caught commandeering local internet connections in order to inject mining malware.

Turkey, Syria and Egypt Fingered

Fingers have been pointed at internet providers in Turkey and Syria, which have been secretly injecting surveillance malware, while those in Egypt have been using the same technology to inject browser-based mining malware.

According to reports, ISPs in these three countries are using Deep Packet Inspection technology from Sandvine to intercept and manipulate web traffic and end users’ computers. The technology allows internet providers to prioritize, degrade, block, inject, and log various types of internet traffic on a packet-by-packet basis.

Turkey’s Telecom network has been using Sandvine PacketLogic devices to redirect hundreds of targeted users to malicious websites and spyware. Similar incidents were recorded in Syria, where users have been redirected to spurious versions of antivirus software containing government malware.

In Egypt, telecoms operators have gone a step further and are using the technology to secretly inject crypto mining scripts into every HTTP page that users access. Researchers at Citizen Lab found that providers were using a scheme called AdHose to covertly raise money by mining the anonymous altcoin Monero:

“We found similar middleboxes at a Telecom Egypt demarcation point. The middleboxes were being used to redirect users across dozens of ISPs to affiliate ads and browser cryptocurrency mining scripts.” 

Massive Mining Malware Outbreak Halted

In a related story, cyber security experts at Microsoft were able to halt a huge outbreak of mining malware this week. Windows Defender researchers discovered the Trojans spreading rapidly across Russia, Turkey and Ukraine, affecting over half a million computers.

The malware, dubbed ‘Dofoil’, carried a crypto mining payload which would hijack the hardware of the victim’s machine to mine the cryptocurrency Electroneum. Microsoft released a statement on the outbreak, which stated:

“Dofoil is the latest malware family to incorporate coin miners in attacks. Because the value of Bitcoin and other cryptocurrencies continues to grow, malware operators see the opportunity to include coin mining components in their attacks. For example, exploit kits are now delivering coin miners instead of ransomware. Scammers are adding coin mining scripts in tech support scam websites.”

Not only do we have to contend with hackers and cyber criminals jumping on the crypto train and looking for a quick buck; those unfortunate enough to have to use Egyptian internet services will have their government trying to hijack their computers too.

10.03.2018 / 01:05