A report by the University of Toronto’s Citizen Lab shows that Internet users in the Middle East, especially Turkey and Syria, who downloaded Windows applications such as Avast Antivirus, CCleaner, Opera or 7-Zip were silently redirected to versions of those programs bundled with spyware. The report also describes a related scheme on Egyptian networks, which it names AdHose, and explains both as follows:
We found that a series of middleboxes on Türk Telekom’s network were being used to redirect hundreds of users attempting to download certain legitimate programs to versions of those programs bundled with spyware….We found similar middleboxes at a Telecom Egypt demarcation point. The middleboxes were being used to redirect users across dozens of ISPs to affiliate ads and browser cryptocurrency mining scripts.
Telecom Egypt is a state-owned telecommunications company, and the middleboxes questioned in the report include Sandvine PacketLogic devices, the same kind of equipment the report links to the spyware redirections in Turkey and Syria. The report found more than 5,700 devices affected, raising the question of whether the Egyptian government was behind the scheme or whether unscrupulous people inside Telecom Egypt were responsible.
When asked to comment, Sandvine, through a spokesperson, dismissed the report’s findings. This is what the spokesperson told CoinDesk:
Based on a preliminary review of the report, certain Citizen Lab allegations are technically inaccurate and intentionally misleading….We have never had, directly or indirectly, any commercial or technology relationship with any known malware vendors, and our products do not and cannot inject malicious software. While our products include a redirection feature, HTTP redirection is a commodity-like technology that is commonly included in many types of technology products.
Sandvine also said it has opened an investigation to establish the truth behind the allegations, adding that the company has a declared strong belief in ethical technology development.
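The mechanism in both the Citizen Lab description and Sandvine’s reply is an in-path device answering a plain-HTTP request with a redirect or a spliced-in script, which a client can only catch by inspecting the response it actually received and checking the file it actually got. The script below is an added example, not code from the report, from Citizen Lab or from Sandvine; the HTTP exchange, the page HTML, the hostnames and the "published" checksum are all constructed here. It flags a download answered with a redirect to a host other than the one requested, lists script tags on a page that load from a foreign host, and verifies a downloaded binary against a published SHA-256.

```python
import hashlib
import re
from urllib.parse import urlparse

REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed sample exchange, not captured traffic. A plain-HTTP download
# request is answered by an in-path device with a redirect to a different
# host; the hostnames are hypothetical.
REQUESTED_URL = "http://vendor.example/downloads/installer.exe"
INJECTED_RESPONSE = (
    "HTTP/1.1 307 Temporary Redirect\r\n"
    "Location: http://dl-mirror.example/files/installer.exe\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)
# What the same request looks like when nothing in the path interferes.
LEGIT_BYTES = b"MZ\x90\x00"  # stand-in for the first bytes of a real installer
LEGIT_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/octet-stream\r\n"
    f"Content-Length: {len(LEGIT_BYTES)}\r\n"
    "\r\n"
) + LEGIT_BYTES.decode("latin-1")
# Stands in for the checksum a vendor publishes on its HTTPS download page.
PUBLISHED_SHA256 = hashlib.sha256(LEGIT_BYTES).hexdigest()

# Constructed HTML page with a script tag spliced in by a middlebox, pointing
# at a third-party host (the AdHose pattern: affiliate ads or mining scripts).
PAGE_URL = "http://news.example/article"
INJECTED_HTML = (
    "<html><body><p>story text</p>"
    '<script src="/static/site.js"></script>'
    '<script src="http://ads.injector.example/miner.js"></script>'
    "</body></html>"
)


def parse_response(raw: str):
    """Split a raw HTTP/1.1 response into (status code, lower-cased headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ")[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def redirect_verdict(requested_url: str, raw_response: str):
    """Flag a redirect that sends a download to a host other than the one asked for.

    Returns (suspicious, reason). A same-host redirect, such as an upgrade to
    HTTPS, is what a legitimate origin does and is not flagged.
    """
    status, headers, _ = parse_response(raw_response)
    if status not in REDIRECT_CODES:
        return False, "no redirect"
    target = headers.get("location", "")
    req_host = urlparse(requested_url).hostname
    tgt_host = urlparse(target).hostname
    if tgt_host is None or tgt_host == req_host:
        return False, f"same-host redirect to {target}"
    return True, f"download redirected off-host to {target}"


def foreign_scripts(page_url: str, html: str):
    """List script sources that load from a host other than the page's own.

    Relative sources (no host component) count as same-origin.
    """
    origin = urlparse(page_url).hostname
    srcs = re.findall(r'<script[^>]*\ssrc=["\']([^"\']+)["\']', html, flags=re.I)
    return [s for s in srcs if urlparse(s).hostname not in (None, origin)]


def verify_download(data: bytes, published_sha256: str) -> bool:
    """The check that defeats a swapped binary no matter how it was served."""
    return hashlib.sha256(data).hexdigest() == published_sha256.lower()


if __name__ == "__main__":
    print(redirect_verdict(REQUESTED_URL, INJECTED_RESPONSE))
    print(redirect_verdict(REQUESTED_URL, LEGIT_RESPONSE))
    print(foreign_scripts(PAGE_URL, INJECTED_HTML))
    print(verify_download(LEGIT_BYTES, PUBLISHED_SHA256))
    print(verify_download(LEGIT_BYTES + b"\x00extra", PUBLISHED_SHA256))
```

Two caveats for anyone turning this into a real check. Vendors do legitimately redirect downloads to CDN hosts, so an off-host redirect is a prompt to verify the checksum, not proof of tampering; the hash comparison is the decisive test, and the published hash has to come from an HTTPS page so it cannot itself be rewritten in transit. And in-path rewriting of this kind only works on plain HTTP: a download served over HTTPS cannot be redirected or have scripts spliced into it by a middlebox without breaking the TLS connection, which is why the practical fix is to fetch installers only over HTTPS.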
While the idea of state-sponsored spyware that mines cryptocurrency seems far-fetched, researchers have documented similar tampering by the same operator before (though not involving cryptocurrencies). In 2016, the Tor Project reported that Telecom Egypt, through its Internet provider TE Data, carried out a man-in-the-middle attack that delivered malware and affiliate advertising.
Do you think the recent Monero-mining attack associated with Telecom Egypt is state-sponsored? Give us your opinion in the comments section.