Citizen Lab Investigation: Malware Used To Covertly Mine Cryptocurrency In Egypt

- Advertisement -

A bombshell investigation by the University of Toronto’s Citizen Lab reveals startling evidence that sophisticated malware developed by a Canadian software firm was disseminated through a prominent Egyptian telecom company, infecting user devices with cryptocurrency mining scripts.

A detailed investigative report published today by Citizen Lab at the University of Toronto’s Munk School of Global Affairs describes what might be the new standard in a long line of malicious cryptocurrency mining schemes.

The report summarizes how “middlebox” technology – created by the Canada-based Sandvine Corporation – was used to “deliver nation-state malware in Turkey and indirectly into Syria, and to covertly raise money through affiliate ads and cryptocurrency mining in Egypt.”

Middleboxes are a type of software tool used to conduct what is known as deep packet inspection (DPI), which is a way to thoroughly scrutinize internet data. Sandvine calls its DPI product PacketLogic.    

Citizen Lab used a technique known as internet scanning to track middlebox activity on Türk Telekom, Turkey’s formerly state-run telecommunications company (which has since been privatized), and create a digital profile of that activity. That profile, essentially a digital fingerprint, was compared against that of Egypt’s primary telecom company, Telecom Egypt.  

When Telecom Egypt’s profile was found to be similar to Turkey’s, Citizen Lab created a control group to verify its suspicions. The report states, “We developed a fingerprint for the injection we found in Turkey, Syria, and Egypt and matched our fingerprint to a second-hand PacketLogic device that we procured and measured in a lab setting.”

“On a number of occasions, the middleboxes were apparently being used to hijack Egyptian Internet users’ unencrypted web connections en masse, and redirect the users to revenue-generating content such as affiliate ads and browser cryptocurrency mining scripts.”

- Advertisement -

Citizen Lab concluded, “DPI equipment that matches our Sandvine PacketLogic fingerprint is installed on Telecom Egypt’s network at Egypt’s borders, and is used to deliver affiliate ads, cryptocurrency mining scripts, and perhaps nation-state spyware, to Egyptian Internet users.”

Jordan Daniell is a full-time staff writer for ETHNews with a passionate interest in techno-social developments and cultural evolution. Jordan enjoys the outdoors, especially astronomy, and likes to play the bag pipes and explore southern California on foot in his spare time. Jordan lives in Los Angeles and holds value in Ether.

Like what you read? Follow us on X @Bitnewsbot to receive the latest , or other Ethereum technology news.

- Advertisement -



Previous Articles:

- Advertisement -

Latest News

Bitcoin Risks $2.67B in Longs if Price Falls Below $108K Level

Bitcoin's price approaches its all-time high, with traders watching for signs of a breakout...

CrowdStrike Stock Hits Record High After Analysts Hike Price Target

CrowdStrike Holdings (CRWD) stock reached an all-time high with a gain of more than...

Amber International Raises $25.5M to Grow $100M Crypto Reserve Fund

Amber International Holding raised $25.5 million in a private placement to expand its $100...

Traders Flock to Hyperliquid Apps Amid Hopes for Airdrop Rewards

Investors are moving millions into projects on the Hyperliquid blockchain in hopes of future...

Bank of Russia Rules Out Cryptocurrency Investments, Cites Risks

The Bank of Russia will not invest in cryptocurrencies.The central bank sees cryptocurrencies as...

Must Read

How to Choose a Cryptocurrency Exchange: Major Risks and Expert Advice

During the bitcoin frenzy, in late 2017, Coinbase, one of the key players in the global cryptocurrency market, stopped trading operations. At a point...