Telecom Egypt, a government-owned entity, has been redirecting Egyptian internet users to malware used to mine cryptocurrency or display certain advertisements, according to a report published by security researchers at the University of Toronto. In the report, released on 9 March, the researchers discovered “deep packet inspection (DPI) middleboxes” being used to “hijack Egyptian Internet users’ unencrypted web connections en masse, and redirect the users to revenue-generating content such as affiliate ads and browser cryptocurrency mining scripts.” The researchers called the Egyptian scheme ‘AdHose’ and revealed that it has two modes: a ‘spray mode’ and a ‘trickle mode’. “In spray mode, AdHose redirects Egyptian users en masse to ads for short periods of time. In trickle mode, AdHose targets some JavaScript resources and defunct websites for ad injection,” said the researchers in the report, revealing that in “spray mode”, hijacked devices are also being redirected to the cryptocurrency mining malware ‘Coinhive’ to mine the Monero cryptocurrency. Examples of the use of “trickle” mode included redirecting web traffic for advertisement injection when users visit certain sites. Examples of sites provided by the researchers included CopticPope.org, formerly used by the Coptic Orthodox Church in Egypt, and Babylon-X.com, a…
Telecom Egypt is ‘Secretly Using Egyptian Internet Users’ to Mine Cryptocurrency
March 10, 2018
