Monero [XMR] mining malware attack linked to Egyptian telecom giant

According to recent news, the Egyptian government and organizations linked to it have been accused of covertly injecting browser-based crypto-mining malware into citizens' web traffic.

Recap of the incident:

  • Deep packet inspection (DPI) middleboxes were found on the network.
  • The middleboxes were used to inject redirects into users' unencrypted HTTP traffic, sending them to affiliate ads or to browser-based cryptocurrency-mining scripts.

Internet users in Turkey and Syria who attempted to download Windows applications such as Avast Antivirus, CCleaner, Opera or 7-Zip were silently redirected to versions of those programs bundled with spyware.
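As an added example (not code from the article, Citizen Lab or Sandvine), the following Python checks a captured plaintext HTTP response for the two injection patterns described above: a redirect that sends a request for one host to a different host (the download-hijack pattern), and a third-party script inserted into an HTML page (the browser-mining pattern). The host names, allowlist and sample responses are constructed for illustration. Note the caveat: this only applies to unencrypted HTTP, because a middlebox cannot rewrite a TLS-protected response without a certificate the browser trusts for that site, which is why HTTPS and HSTS defeat this class of injection.

```python
"""Flag middlebox-style injection in plaintext HTTP responses.

Added example, not code from the article, Citizen Lab or Sandvine. It checks a
captured HTTP response for the two behaviours the article describes:
  * a 3xx redirect that sends a request for one host to a different host
    (the download-hijack pattern), and
  * a <script src=...> in an HTML page that points at a host the page owner
    does not use (the browser-mining pattern).
Host names, allowlists and sample responses are constructed for illustration.
"""
import re
from urllib.parse import urlparse

SCRIPT_SRC_RE = re.compile(r"<script[^>]*\ssrc=[\"']([^\"']+)[\"']", re.IGNORECASE)


def parse_http_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status, headers, body).

    Header names are lower-cased; a duplicated header keeps its last value,
    which is enough for Location and Content-Type.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    status = int(lines[0].split()[1].decode())
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode(errors="replace")
    return status, headers, body


def host_of(url: str) -> str:
    """Lower-cased host of an absolute URL; '' for a relative URL."""
    return (urlparse(url).hostname or "").lower()


def analyze_response(request_host: str, raw: bytes, allowed_hosts: set) -> list:
    """Return a list of findings (an empty list means nothing suspicious).

    request_host:  the Host the client asked for (over plaintext HTTP).
    allowed_hosts: hosts the site legitimately redirects to or loads scripts
                   from (assumed known, e.g. from an HTTPS reference fetch).
    """
    findings = []
    status, headers, body = parse_http_response(raw)
    request_host = request_host.lower()

    # Pattern 1: redirect off-host. Same-host and relative redirects are normal.
    if 300 <= status < 400 and "location" in headers:
        target = host_of(headers["location"])
        if target and target != request_host and target not in allowed_hosts:
            findings.append(f"cross-host redirect {status} -> {headers['location']}")

    # Pattern 2: an external script in an HTML page that the site owner does not use.
    if headers.get("content-type", "").lower().startswith("text/html"):
        for src in SCRIPT_SRC_RE.findall(body.decode(errors="replace")):
            src_host = host_of(src)
            if src_host and src_host != request_host and src_host not in allowed_hosts:
                findings.append(f"third-party script injected: {src}")
    return findings


# Constructed sample responses (not real captures).
CLEAN_DOWNLOAD = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
                  b"Content-Length: 4\r\n\r\nMZ\x90\x00")
HIJACKED_DOWNLOAD = (b"HTTP/1.1 307 Temporary Redirect\r\n"
                     b"Location: http://updates-mirror.example.net/7z.exe\r\n"
                     b"Content-Length: 0\r\n\r\n")
SAME_HOST_REDIRECT = (b"HTTP/1.1 301 Moved Permanently\r\n"
                      b"Location: http://www.example.org/index.html\r\n\r\n")
MINER_PAGE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
              b"<html><head>"
              b'<script src="http://cdn.example.org/app.js"></script>'
              b'<SCRIPT src="http://miner.example.net/lib/miner.min.js"></SCRIPT>'
              b"</head><body>hello</body></html>")

if __name__ == "__main__":
    for label, host, raw, allowed in [
        ("clean download", "download.example.org", CLEAN_DOWNLOAD, set()),
        ("hijacked download", "download.example.org", HIJACKED_DOWNLOAD, set()),
        ("same-host redirect", "www.example.org", SAME_HOST_REDIRECT, set()),
        ("page with injected miner", "www.example.org", MINER_PAGE, {"cdn.example.org"}),
    ]:
        print(label, analyze_response(host, raw, allowed))
```

In practice the allowlist would be derived by fetching the same resource over HTTPS from a vantage point outside the suspect network and comparing; the constructed allowlist here stands in for that reference.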

According to a report published by the University of Toronto's Citizen Lab, unidentified actors at a telecom company connected to the Egyptian government used this technique to trick web users in the region into unwittingly mining Monero [XMR].

Telecom Egypt is a state-owned telecommunications company. The middleboxes identified in the report are Sandvine PacketLogic devices, the same product line linked to the government surveillance operations observed in Turkey and Syria.

Mohammed Khan, a regular reader, commented:

“LOL!! Sounds very funny, we should probably just get used to these.”

When reached for a comment, Sandvine pushed back against the report’s findings, telling CoinDesk:

“… allegations are technically inaccurate and intentionally misleading….”

Sandvine continued:

“We have never had, directly or indirectly, any commercial or technology relationship with any known malware vendors, and our products do not and cannot inject malicious software.”

The company has denied any wrongdoing.

Investigation of the allegations is ongoing. A similar campaign, minus the crypto mining, was documented by the Tor Project's Open Observatory of Network Interference (OONI) back in 2016: malware injected into Egyptian users' traffic.

TE Data, the Telecom Egypt-owned internet provider that controls the majority of Egypt's internet bandwidth, was found to be injecting malware and affiliate advertising into subscribers' traffic, as noted by the OONI researchers.

Sandvine continued:

“While our products include a redirection feature, HTTP redirection is a commodity-like technology that is commonly included in many types of technology products.”

The researchers who unearthed this incident remarked:

“This type of intrusion by a nation-state is the stuff of legends”
