Hidden mining increasingly popular: new attacks recorded in Egypt, Russia, Turkey and Ukraine

Citizen Lab, an interdisciplinary laboratory at the University of Toronto, published a report on Friday stating that Egypt’s government secretly mines cryptocurrencies on the computers of its citizens. The report explains that a Deep Packet Inspection (DPI) device from Sandvine/Procera Networks was used «for covert collection of money through affiliate ads and mining of cryptocurrencies in Egypt.»

Sandvine Corporation was acquired in September last year by the private equity firm Francisco Partners, which bought Procera Networks in 2015. Sandvine and Procera Networks then teamed up and released PacketLogic, software for filtering sites, which, according to the report, «may have been used by companies associated with the government of Turkey and Egypt, for the distribution of spyware».

In addition, Citizen Lab found that the software installs at least one cryptocurrency-mining script, Coinhive, which is used to mine the anonymous cryptocurrency Monero (XMR). By scanning IP addresses in some countries, the researchers found DPI devices, which they call intermediate devices, that intercept Turk Telekom network traffic between users and various unencrypted websites.

These devices were «used to redirect hundreds of users in Turkey and Syria to a download of state spyware when they tried to download certain apps for Windows,» said the researchers. In Egypt, the team discovered more than spyware:

«We found the same intermediate device at the Telecom Egypt demarcation point. The device was used to redirect users of dozens of Internet service providers to affiliate ads and scripts for cryptocurrency mining».

The researchers called the Egyptian scheme Adhose. They claim it has been operating since at least October 2016. In February of this year, Citizen Lab sent letters to Sandvine and Francisco Partners summarizing its findings. In its response, Sandvine claims that the report is «false, misleading and incorrect». However, the lab says: «We emphasized that we were confident in our research results, confirmed by two independent expert assessments».

Attack on Russia, Turkey and Ukraine

More than 400,000 personal computers were attacked in an attempt to spread cryptocurrency-mining malware. The hackers used sophisticated Trojans for infection, mainly in Russia but also in Turkey, Ukraine and other countries. The complex malware tried to overcome antivirus protection for more than 12 hours on 6 March. According to Microsoft, most of the attacked computers, 73%, were in Russia, 18% were in Turkey and 4% were in Ukraine. Other countries were also affected.

«Windows Defender has blocked more than 80,000 attempts by several sophisticated Trojans, which exhibited advanced techniques for cross-process injection, persistence mechanisms and evasion methods,» said the research team that develops the software at Microsoft.

Over 400,000 people were attacked, according to Bleeping Computer. The researchers say they identified the Trojan attack early. The threat was detected by the antivirus program, which began to block further attempts within a few minutes.

According to the Windows Defender development team, the Dofoil malware tried to get into the explorer.exe process and inject malicious code. Another explorer.exe process was then to download and run a cryptocurrency miner disguised as the Windows file wuauclt.exe. Antivirus software can detect these attempts because the process was executing from a different location on the hard disk.
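The location check described above can be sketched as follows. This is an added example, not code from Microsoft or from the original article; the expected directories are assumed defaults for a stock Windows install, and the process events are constructed sample data.

```python
import ntpath

# Assumption: default directories for these binaries on a stock Windows system drive.
EXPECTED_DIRS = {
    "wuauclt.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}


def is_masquerading(image_path):
    """True if a known system file name is running from an unexpected directory."""
    # Normalise case, quotes and ".." segments so path tricks do not hide the real folder.
    norm = ntpath.normpath(image_path.strip().strip('"')).lower()
    directory, name = ntpath.split(norm)
    expected = EXPECTED_DIRS.get(name)
    return expected is not None and directory not in expected


def find_suspicious(events):
    """Return the process-creation events whose image path fails the location check."""
    return [e for e in events if is_masquerading(e["image"])]


# Constructed sample process-creation events (hypothetical pids and paths).
SAMPLE_EVENTS = [
    {"pid": 812, "parent": r"C:\Windows\System32\svchost.exe",
     "image": r"C:\Windows\System32\wuauclt.exe"},
    {"pid": 4120, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Users\alice\AppData\Roaming\wuauclt.exe"},
    {"pid": 4300, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\..\Temp\WUAUCLT.EXE"},
    {"pid": 5000, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\App\app.exe"},
]

if __name__ == "__main__":
    for event in find_suspicious(SAMPLE_EVENTS):
        print(f"ALERT pid={event['pid']} image={event['image']} parent={event['parent']}")
```

The check keys on the file name only, so it complements rather than replaces signature and behaviour-based detection.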

Microsoft claims that computers running Windows 10, 8.1 and Windows 7 with Windows Defender or Microsoft Security Essentials installed were automatically protected. According to Bleeping Computer, other antivirus programs most likely also detected the threat. Dofoil, an actively modified piece of malware, has been known for several years.

Hidden mining is very profitable for crooks, which is why it has been popular with hackers around the world for more than a year now. In October last year, the company Adguard analyzed the 100,000 most popular sites for hidden cryptocurrency-mining scripts and said that half a billion people had already become victims of hidden mining.
