Security researchers at the University of Toronto have discovered that the government of Egypt or agencies linked to it are hacking the internet connections of local users across the country to either mine cryptocurrency or display ads.
In what appears to be a first-of-its-kind attempt by a ‘nation state,’ the secretive program, dubbed ‘Adhose’ by researchers, was found to have affected more than 95% of surveyed devices this January. Researchers from the university’s Citizen Lab have called this state-sponsored hacking ‘the stuff of legends’.
Further, according to the researchers, attacks such as these are particularly difficult to detect.
The malicious program has been traced to hardware installed within Telecom Egypt’s network, suggesting state involvement. The malware usually redirects traffic from popular sites to advertising networks. This mode of functioning where only popular sites are affected is called the ‘trickle mode’ by researchers.
The malware can also run a cryptocurrency mining script called Coinhive in the background. This script starts to run when you visit the affected sites. It can even keep running after you close your browser. The script uses your computer’s CPU (central processing unit) to mine a cryptocurrency called Monero.
Sometimes, all internet traffic is routed by the malicious program. The researchers call this the ‘spray mode,’ but it is used sparingly. The malware doubles up as a censorship tool too. It blocks access to websites like Human Rights Watch, Al Jazeera and other news and NGO portals. Meanwhile, Sandvine, the Canada-based manufacturer of the hardware used in these attacks, has called the reports ‘false and misleading’.
The researchers also uncovered that Syria and Turkey are tricking internet users into downloading spyware in the guise of antivirus software.