Egyptian Internet Users Affected By Miner Virus
The University of Toronto's Citizen Lab claims that internet users in Turkey and Syria who downloaded Windows apps such as Avast Antivirus, CCleaner, Opera, or 7-Zip were exposed to malware that surreptitiously mined cryptocurrencies.
The report, which calls this scheme "AdHose", explains:
We discovered that a series of media boxes on the Türk Telekom network were used to redirect hundreds of users attempting to download certain programs to download malicious versions of those programs. The telecom network was used to redirect users through dozens of ISPs to affiliated ads and browser mining scripts.
Telecom Egypt is a large state-owned telecommunications company whose Internet users use Sandvine PacketLogic devices that are associated with government oversight in Turkey and Syria. The researchers found that 5,700 devices in the regional network were used in the AdHose scheme.
In turn, Sandvine stepped back from the results of the report, saying
Based on a preliminary review of the report, some of Citizen Lab's statements are technically inaccurate and intentionally misleading. We have never had a direct or indirect commercial or technological relationship with any known vendors of malware, and our products cannot contain malware. Although our products include a redirect feature. HTTP redirection is a technology that is commonly included in many types of technology products.
The spokesperson also said the investigation is underway because the company is "deeply committed to developing ethical technology."
The idea of using spyware to mine cryptocurrencies might seem far-fetched. However, researchers involved in the open networking observatory Tor Project have noted a similar malware epidemic. Tor Project researchers found that Telecom Egypt-owned ISP TE Data, which controls much of Egypt's Internet access, has been involved in malware and affiliate advertising stories.
Post a Comment