As reported by the University of Toronto's Citizen Lab, attackers at the Egyptian telecommunications company Telecom Egypt used malware to covertly exploit users' computing power for mining Monero.
A post on the laboratory's website explains how the scheme, which the experts have called AdHose, works:
“We found intermediate devices at the demarcation point of Telecom Egypt. They were used to redirect users to a dozen providers of browser-based mining scripts”.
Telecom Egypt is a large public telecommunications company, and the settings in question are present on a huge number of intermediate devices, including Sandvine PacketLogic devices used for state surveillance in Turkey and Syria. In January, the researchers discovered 5700 devices affected by AdHose.
However, in comments given to CoinDesk, Sandvine refused to acknowledge the validity of Citizen Lab's findings:
“Based on a preliminary analysis of the report, some statements by Citizen Lab are technically inaccurate and false. […] We have never had, directly or indirectly, any commercial or technical relationship with any suppliers of known malware, and our products do not and cannot inject malicious software. Our products do include redirection, but HTTP redirect is a technology which is often included in many types of technology products”.
Sandvine's press secretary also said that the company is currently investigating the allegations.
Note that the trend of “cryptojacking” continues to gain momentum. Earlier, it became known that Coinhive code was being used to redirect users to a website that connected their devices to Monero mining.