Bitcoin
$64,767.54+2.92%
Ethereum
$3,095.32+1.25%
Binance Coin
$561.26+2.27%
Solana
$144.55+5.99%
XRP
$0.50030525+0.49%
Toncoin
$7.07+12.57%
Dogecoin
$0.15301390+1.92%
Cardano
$0.46568514+2.71%
Shiba Inu
$0.00002327+3.23%
Avalanche
$35.43+0.35%
Wrapped Bitcoin
$64,928.71+2.95%
Tron
$0.10936838-0.73%
PlayIconNav
Crypto Prices CoinDesk 20 Index CoinDesk 20 Index
Consensus 2024Price Increase Extension Ends In
01
DAY
08
HR
25
MIN
48
SEC
Markets

Monero Mining Malware Attack Linked to Egyptian Telecom Giant

Thousands of devices allegedly affected by malware across Egypt, Turkey and Syria.

By Leigh Cuen
AccessTimeIconMar 12, 2018 at 6:00 a.m. UTC
Updated Sep 13, 2021 at 7:40 a.m. UTC
Egypt
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

Unidentified entities at a telecom company connected to the Egyptian government are using malware to trick Middle Eastern Web users into unwittingly mining monero, according to a new report.

Internet users in Turkey and Syria who downloaded Windows applications such as Avast Antivirus, CCleaner, Opera, or 7-Zip were unknowingly redirected to malicious versions with malware, the University of Toronto's Citizen Lab claimed in a study published Friday.

The report

– which calls this scheme "AdHose – explained:

"We found that a series of middleboxes on Türk Telekom's network were being used to redirect hundreds of users attempting to download certain legitimate programs to versions of those programs bundled with spyware....We found similar middleboxes at a Telecom Egypt demarcation point. The middleboxes were being used to redirect users across dozens of ISPs to affiliate ads and browser cryptocurrency mining scripts."

Telecom Egypt

is a major state-owned telecommunications company, and the middleboxes in question include Sandvine PacketLogic devices, which have been associated with government surveillance in Turkey and Syria. The researchers' regional network sweep in January found 5,700 devices affected by AdHose.

When reached for comment, Sandvine pushed back against the report's findings, telling CoinDesk:

"Based on a preliminary review of the report, certain Citizen Lab allegations are technically inaccurate and intentionally misleading....We have never had, directly or indirectly, any commercial or technology relationship with any known malware vendors, and our products do not and cannot inject malicious software. While our products include a redirection feature, HTTP redirection is a commodity-like technology that is commonly included in many types of technology products."

The spokesperson also said that an investigation into the allegations is being undertaken because the company is "deeply committed to ethical technology development."

The idea of cryptocurrency-fueled government spyware may seem far-fetched. However, researchers involved with the Tor Project’s Open Observatory of Network Interference noted a similar malware epidemic – minus the cryptocurrency mining element – in 2016. Tor researchers found the Telecom Egypt-owned internet provider TE Data, which controls the majority of Egyptian internet bandwidth, facilitated a man-in-the-middle attack with both malware and affiliate advertising.

Egyptian flag and bitcoin image via Shutterstock

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.