Internet providers in Turkey and Syria have reportedly been placing surveillance malware on unsuspecting web users, while internet providers in Egypt are applying the same technology to inject mining malware into browsers.
Citing reports from The Citizen Lab, NewsBTC reported that internet service providers are employing Deep Packet Inspection technology from Sandvine to capture and manipulate web traffic and users’ computers.
The report noted that in Turkey, the telecom network has been using Sandvine PacketLogic devices to redirect users to malicious websites and spyware. Similar tactics have played out in Syria, where users are redirected to fake antivirus software that includes government malware. Meanwhile, in Egypt, telecom companies are secretly injecting crypto mining scripts into all of the HTTP pages that users access.
The report noted that the telecom providers are using a scheme called AdHose to secretly raise money by mining for anonymous Monero tokens. “We found similar middleboxes at a Telecom Egypt demarcation point. The middleboxes were being used to redirect users across dozens of ISPs to affiliate ads and browser cryptocurrency mining scripts,” Citizen Lab reportedly stated.
Meanwhile, last week, security experts at Microsoft were able to stop an outbreak of mining malware called Dofoil. The Microsoft researchers found the Trojan spreading rapidly in Russia, Turkey and Ukraine. All told, the cyberattack impacted half a million computers.
In a statement about the outbreak, Microsoft said: “Dofoil is the latest malware family to incorporate coin miners in attacks. Because the value of bitcoin and other cryptocurrencies continues to grow, malware operators see the opportunity to include coin mining components in their attacks. For example, exploit kits are now delivering coin miners instead of ransomware. Scammers are adding coin mining scripts in tech support scam websites.”