A Case of Malware Mining Monero (XMR) with Egyptian Telecom Service Provider

Real pandemonium was unleashed on Middle Eastern internet users when it was discovered that an Egyptian telecom service provider, one of the biggest telecom companies in Egypt, was taking advantage of its users by forcing them to unknowingly join a coin hub where their computing power was used for mining Monero without their knowledge or approval. This case is anything but ethical, and Monero is surely not enjoying being linked to mining malware, especially now, when it is only one day away from a hard fork.

Monero: What exactly happened?

The malware mining case was discovered by the Citizen Lab at the University of Toronto, which has stated that the Egyptian government is directly involved in this horribly unethical scenario.

More than 5000 users were taken advantage of in order to provide a power source for the Egyptian government, which was working with one of Egypt’s largest telecom service providers. The users were used for mining Monero without even knowing it, and since mining generates profit, the Egyptian government was apparently trying to get rich by tricking internet users who suspected nothing.

Apparently, the telecom giant involved in this scam has been using malware called AdHose. AdHose works by redirecting the internet users who gave their trust to this Egyptian telecom service provider to a virtual hub called Coinhive. Through Coinhive, the users’ computing power and CPU were used, without their knowledge, for mining Monero, or alternatively for displaying ads. That way the service provider and the Egyptian government could have collected a sizeable profit until they were discovered and traced by the Citizen Lab of Toronto.

As discovered, the malware called AdHose apparently has two working modes. One of the modes is called “spray mode”. In this mode, if a user affected by the malware tries to reach any website, the attempt results in the user being redirected either to a mining network called Coinhive or alternatively to an ad network.

A scan conducted in January 2018 found that over 90% of users, amounting to 5700, were affected by this malware.
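The spray-mode behaviour described above leaves a recognisable trace in proxy or client logs: plain-HTTP requests to unrelated sites all answered with a redirect to the same foreign destination. The following Python sketch is an added example, not code from Citizen Lab or the original article; the record format, the `WATCHLIST` contents and the `min_sources` threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: a defender-maintained list of mining/ad destinations.
WATCHLIST = {"coinhive.com"}

def site(host):
    """Naive registrable domain: last two labels (no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def suspicious_redirects(records):
    """Return 3xx answers to plain-HTTP requests that land on another site."""
    hits = []
    for rec in records:
        req = urlsplit(rec["url"])
        if req.scheme != "http" or not 300 <= rec["status"] < 400:
            continue  # an on-path device cannot forge a redirect inside valid TLS
        loc = urlsplit(rec.get("location", ""))
        if not loc.hostname:
            continue  # relative redirect stays on the requested site
        src, dst = site(req.hostname), site(loc.hostname)
        if src != dst:
            hits.append({"src": src, "dst": dst, "listed": dst in WATCHLIST})
    return hits

def spray_targets(hits, min_sources=3):
    """Destinations reached from many unrelated sites: the spray pattern."""
    sources = defaultdict(set)
    for hit in hits:
        sources[hit["dst"]].add(hit["src"])
    return {d: sorted(s) for d, s in sources.items() if len(s) >= min_sources}

# Constructed sample records (not captured traffic).
SAMPLE = [
    {"url": "http://news.example/a", "status": 307, "location": "http://coinhive.com/"},
    {"url": "http://shop.example/", "status": 307, "location": "http://coinhive.com/"},
    {"url": "http://wiki.example/p", "status": 307, "location": "http://coinhive.com/"},
    {"url": "http://www.forum.example/", "status": 301, "location": "https://forum.example/"},
    {"url": "https://bank.example/", "status": 302, "location": "https://sso.other.example/"},
    {"url": "http://mail.example/", "status": 302, "location": "http://login.portal.example/"},
    {"url": "http://static.example/x.js", "status": 200},
]

if __name__ == "__main__":
    found = suspicious_redirects(SAMPLE)
    print(found)
    print(spray_targets(found))
```

A single cross-site redirect (the `mail.example` record) is reported but not treated as spray; only a destination shared by several unrelated origins is.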

The second mode known to AdHose is “trickle mode”. In this mode, certain web addresses would lead affected users to two different websites as set up by the telecom service provider. One of the sites is copticpope.org, which was previously a website belonging to the pope of the Coptic Orthodox Church seated in Alexandria. The other site the affected users were being directed to is Babylon-x.com, which was previously a porn site.

This malware is also said to have been used for surveillance that the governments of Syria and Turkey performed over their citizens, prohibiting access to media such as Al-Jazeera as well as to non-government organizations.

This was all made possible “thanks” to the device provided and manufactured by the company called Sandvine PacketLogic.

Sandvine, however, denies that it has technology that would enable such operations, and says that the report provided by the Citizen Lab of Toronto is not to be trusted as a reliable source.

Sandvine further claims that its technology has never been in contact with malware operations and that its product doesn’t allow the implementation of suspicious malware that would let the Egyptian telecom service redirect its users to Coinhive. It does acknowledge that its devices have the option of HTTP redirection, adding that this feature is enabled and present in many similar products.

Regardless of Sandvine’s claim, this technology was used for implementing spyware, as indicated in the case of the Syrian and Turkish governments, while it was also used by the Egyptian government for unauthorized use of computing power for mining Monero.

How is Monero Doing at the Current Moment?

With Monero expecting the launch of its hard fork, which should occur tomorrow, on March 14th, XMR has had a pretty turbulent couple of weeks.

While Monero is said to be switched with MoneroV, where all Monero tokens would be switched with 10 MoneroV tokens, this currency had some amazing rises in its price, going on to trade around $350 per unit at the end of February and the beginning of March.

Things have changed more than a bit, and Monero seems to be suffering from severe drops. The latest change in price was marked by a drop of -11.06% against the dollar, which was a pretty defeating outcome for this currency.

Monero can now be bought at $251.43 per unit and is trading in the red. This doesn’t need to be a bad thing, as this price enables investors to get their XMR at lower prices.

Things should hopefully start moving upwards for Monero after the hard fork, as it is usually the case that currencies gain in monetary value after a change such as a hard fork.

Disclaimer: This article should not be taken as, and is not intended to provide, investment advice. Global Coin Report and/or its affiliates, employees, writers, and subcontractors are cryptocurrency investors and from time to time may or may not have holdings in some of the coins or tokens they cover. Please conduct your own thorough research before investing in any cryptocurrency and read our full disclaimer.

Image courtesy of Dennis Jarvis via Flickr
