Unidentified entities at a telecom company connected to the Egyptian government are using malware to trick Middle Eastern Web users into unwittingly mining monero, according to a new report.
Internet users in Turkey and Syria who downloaded Windows applications such as Avast Antivirus, CCleaner, Opera, or 7-Zip were unknowingly redirected to malicious versions with malware, the University of Toronto's Citizen Lab claimed in a study published Friday.
– which calls this scheme "AdHose – explained:
is a major state-owned telecommunications company, and the middleboxes in question include Sandvine PacketLogic devices, which have been associated with government surveillance in Turkey and Syria. The researchers' regional network sweep in January found 5,700 devices affected by AdHose.
When reached for comment, Sandvine pushed back against the report's findings, telling CoinDesk:
The spokesperson also said that an investigation into the allegations is being undertaken because the company is "deeply committed to ethical technology development."
The idea of cryptocurrency-fueled government spyware may seem far-fetched. However, researchers involved with the Tor Project’s Open Observatory of Network Interference noted a similar malware epidemic – minus the cryptocurrency mining element – in 2016. Tor researchers found the Telecom Egypt-owned internet provider TE Data, which controls the majority of Egyptian internet bandwidth, facilitated a man-in-the-middle attack with both malware and affiliate advertising.
Egyptian flag and bitcoin image via Shutterstock