Unidentified entities at a telecommunications company connected to the Egyptian government are using malware to trick Middle Eastern users into unwittingly mining cryptocurrency, according to a new report.
Internet users in Turkey and Syria who downloaded Windows applications such as Avast Antivirus, CCleaner, Opera or 7-Zip were unwittingly redirected to malicious versions bundled with malware, the University of Toronto's Citizen Lab said in a study published Friday.
The report, which calls this scheme "AdHose," explained:
"We found that a series of middleboxes on the Türk Telekom network was used to redirect hundreds of users trying to download certain legitimate programs to versions of those programs bundled with spyware. … We found similar middleboxes at a demarcation point of Telecom Egypt: Middleboxes have been used to redirect users of dozens of ISPs to affiliate ads and browser cryptocurrency mining scripts."
Telecom Egypt is a major state-owned telecommunications company, and the middleboxes in question include Sandvine PacketLogic devices, which have been associated with government surveillance in Turkey and Syria. In January, the researchers detected 5,700 devices across the region affected by AdHose.
When reached for comment, Sandvine rejected the report's conclusions, telling CoinDesk:
"Based on a preliminary review of the report, some allegations by Citizen Lab are technically inaccurate and intentionally misleading. … We have never had, directly or indirectly, any commercial or technological relationship with any known malware provider and our products cannot inject malicious software. Although our products include a redirect feature, HTTP redirection is a technology similar to a commodity that is commonly included in many types of technology products."
The spokesman also said that an investigation into the allegations is underway because the company is "deeply committed to the development of ethical technologies".
The idea of government spyware powered by cryptocurrency may seem far-fetched. However, researchers involved in the Tor Project's Open Observatory of Network Interference detected a similar malware epidemic, minus the cryptocurrency mining element, in 2016. The Tor researchers discovered that TE Data, an internet operator owned by Telecom Egypt that controls most of Egypt's internet bandwidth, had facilitated a man-in-the-middle attack involving both malware and affiliate advertising.