A new study conducted by the University of Toronto’s Citizen Lab claims that an unidentified entity connected to the Egyptian government as well as the telecom industry has been infecting users’ machines with malware that mines Monero.
Middle Eastern web users, especially people living in Turkey and Syria, have been victims of this malware attack. While attempting to download everyday internet tools such as Avast Antivirus, CCleaner, Opera and 7-Zip, users were redirected to download malicious versions of these programs.
The malware scheme, which has been named AdHose, is said to have affected over 5700 devices, as per reports from January. Here is a brief look at what the report says about how the scheme is operated:
“We found that a series of middleboxes on Türk Telekom’s network were being used to redirect hundreds of users attempting to download certain legitimate programs to versions of those programs bundled with spyware[….]We found similar middleboxes at a Telecom Egypt demarcation point. The middleboxes were being used to redirect users across dozens of ISPs to affiliate ads and browser cryptocurrency mining scripts.”
Telecom Egypt is one of the major government-owned telecommunication companies. It has also been found that Sandvine PacketLogic devices were among the middleboxes referred to. The company is also known to be associated with the government surveillance program in Turkey and Syria. This is what it had to say in response to the accusation:
“Based on a preliminary review of the report, certain Citizen Lab allegations are technically inaccurate and intentionally misleading[….]We have never had, directly or indirectly, any commercial or technology relationship with any known malware vendors, and our products do not and cannot inject malicious software. While our products include a redirection feature, HTTP redirection is a commodity-like technology that is commonly included in many types of technology products.”
This wouldn’t be the first time such a malware epidemic has taken place in Egypt. Back in 2016, the Tor Project’s Open Observatory of Network Interference found TE Data, an Egypt-owned internet provider, to be linked to a malware attack as well.