Internet Providers Caught Deploying Crypto Mining Malware

If it wasn’t bad enough with hackers and dodgy websites trying to hijack your computer hardware to mine some crypto coins, ISPs have been discovered doing it also. Governments, or agencies closely linked to them, have been caught commandeering local internet connections in order to inject mining malware.

Turkey, Syria and Egypt Fingered

Fingers have been pointed at internet providers in Turkey and Syria which have been secretly injecting surveillance malware, while those in Egypt have been using the same technology to inject browser based mining malware.

According to reports ISPs in these three countries are using Deep Packet Inspection technology from Sandvine to intercept and manipulate web traffic and end users’ computers. The technology allows internet providers to prioritize, degrade, block, inject, and log various types of internet traffic on a packet by packet basis.

Turkey’s Telecom network has been using Sandvine PacketLogic devices to redirect hundreds of targeted users to malicious websites and spyware. Similar incidents were recorded in Syria whereby users have been redirected to spurious versions of antivirus software containing government malware.

In Egypt telecoms operators have taken a step further and are using the technology to secretly inject crypto mining scripts into every HTTP page that users accessed. Researchers at Citizen Lab found that providers were using a scheme called AdHose to covertly raise money by mining the anonymous altcoin Monero;

“We found similar middleboxes at a Telecom Egypt demarcation point. The middleboxes were being used to redirect users across dozens of ISPs to affiliate ads and browser cryptocurrency mining scripts.” 

Massive Mining Malware Outbreak Halted

In a related story cyber security experts at Microsoft were able to halt a huge outbreak of mining malware this week. Windows Defender researchers discovered the Trojans spreading rapidly across Russia, Turkey and Ukraine, affecting over half a million computers.

The malware dubbed ‘Dofoil’ carried a crypto mining payload which would hijack the hardware of the victim’s machine to mine for the cryptocurrency Electroneum.  Microsoft released a statement on the outbreak which stated;

“Dofoil is the latest malware family to incorporate coin miners in attacks. Because the value of Bitcoin and other cryptocurrencies continues to grow, malware operators see the opportunity to include coin mining components in their attacks. For example, exploit kits are now delivering coin miners instead of ransomware. Scammers are adding coin mining scripts in tech support scam websites.”

Not only do we have to contend with hackers and cyber criminals jumping on the crypto train and looking for a quick buck. Those unfortunate enough to have to use Egyptian internet services will have their government trying to hijack their computers too.

Leave a Comment

Scroll to Top