Citizen Lab Investigation: Malware Used To Covertly Mine Cryptocurrency In Egypt

- Advertisement -

A bombshell investigation by the University of Toronto’s Citizen Lab reveals startling evidence that sophisticated malware developed by a Canadian software firm was disseminated through a prominent Egyptian telecom company, infecting user devices with cryptocurrency mining scripts.

A detailed investigative report published today by Citizen Lab at the University of Toronto’s Munk School of Global Affairs describes what might be the new standard in a long line of malicious cryptocurrency mining schemes.

The report summarizes how “middlebox” technology – created by the Canada-based Sandvine Corporation – was used to “deliver nation-state malware in Turkey and indirectly into Syria, and to covertly raise money through affiliate ads and cryptocurrency mining in Egypt.”

Middleboxes are a type of software tool used to conduct what is known as deep packet inspection (DPI), which is a way to thoroughly scrutinize internet data. Sandvine calls its DPI product PacketLogic.    

Citizen Lab used a technique known as internet scanning to track middlebox activity on Türk Telekom, Turkey’s formerly state-run telecommunications company (which has since been privatized), and create a digital profile of that activity. That profile, essentially a digital fingerprint, was compared against that of Egypt’s primary telecom company, Telecom Egypt.  

When Telecom Egypt’s profile was found to be similar to Turkey’s, Citizen Lab created a control group to verify its suspicions. The report states, “We developed a fingerprint for the injection we found in Turkey, Syria, and Egypt and matched our fingerprint to a second-hand PacketLogic device that we procured and measured in a lab setting.”

“On a number of occasions, the middleboxes were apparently being used to hijack Egyptian Internet users’ unencrypted web connections en masse, and redirect the users to revenue-generating content such as affiliate ads and browser cryptocurrency mining scripts.”

- Advertisement -

Citizen Lab concluded, “DPI equipment that matches our Sandvine PacketLogic fingerprint is installed on Telecom Egypt’s network at Egypt’s borders, and is used to deliver affiliate ads, cryptocurrency mining scripts, and perhaps nation-state spyware, to Egyptian Internet users.”

Jordan Daniell is a full-time staff writer for ETHNews with a passionate interest in techno-social developments and cultural evolution. Jordan enjoys the outdoors, especially astronomy, and likes to play the bag pipes and explore southern California on foot in his spare time. Jordan lives in Los Angeles and holds value in Ether.

Like what you read? Follow us on X @Bitnewsbot to receive the latest , or other Ethereum technology news.

- Advertisement -



Previous Articles:

- Advertisement -

Latest News

Ripple Applies for US Banking License, Seeks Fed Master Account

Ripple Labs is seeking a national banking license in the United States from the...

Radix Launches Early Test for 1 Billion XRD DeFi Rewards Campaign

Radix will run a public test of its new DeFi rewards campaign from July...

Investors Pump $380M into Four Surging DeFi Protocols in June

Four emerging DeFi projects saw a combined inflow...

FHFA Chief Demands Probe Into Powell Over $2.5B Fed HQ Revamp

FHFA Director William J. Pulte has called for an immediate Congressional investigation into Federal...

SEC to Review Grayscale GDLC ETF Approval, Stays Conversion Order

The U.S. Securities and Exchange Commission (SEC) is reviewing its staff’s approval to convert...

Must Read

What Are Sniper Bots Used in Defi Trading?

You've heard about DeFi, but what about sniper bots? These high-speed trading tools are shaking up the crypto scene.But don't fret, you're not...