Cybersecurity researchers have discovered a novel method used by hackers to deliver malware for stealthy crypto mining, leveraging automated email replies.
Researchers from the threat intelligence firm Facct reported that hackers exploited auto-reply emails from compromised accounts to target Russian companies, marketplaces, and financial institutions.
Using this tactic, the attackers sought to install the XMRig miner on their victims’ devices to mine digital assets.
An example of an auto-reply letter with a link to malware. Source: Habr
The security company said it had identified 150 emails containing XMRig since the end of May. However, the cybersecurity firm also said that their business email protection system blocked malicious emails sent to their clients.
The danger of auto-replies with malware
Facct senior analyst Dmitry Eremenko explained that the delivery method is dangerous because potential victims initiate the communications. With normal mass-delivered messages, the targets have the option to ignore emails that they deem irrelevant.
However, with the auto-replies, victims expect a response from the person they emailed first, not knowing that the email they are contacting is compromised. Eremenko said:
The cybersecurity firm urged companies to conduct regular training to increase employees’ knowledge of cybersecurity and current threats. It also urged them to use strong passwords and multifactor authentication mechanisms.
In a previous interview, ethical hacker Marwan Hachem told Cointelegraph that using different communications devices can also help with security. It isolates unwanted software and prevents hackers from reaching your main device.
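Because the lure described above arrives as an auto-reply that carries a link, a mail gateway can treat that combination as a signal worth holding for review. The following is an added example, not code from Facct or from the article; the header list, the "hold" policy and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import Message

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def is_auto_reply(msg: Message) -> bool:
    """True if headers mark the message as an automatic reply."""
    # Auto-Submitted is defined in RFC 3834; any value other than "no" is automatic.
    auto = (msg.get("Auto-Submitted") or "").split(";")[0].strip().lower()
    if auto and auto != "no":
        return True
    # Older, non-standard conventions that some mail systems still emit.
    if (msg.get("Precedence") or "").strip().lower() == "auto_reply":
        return True
    return msg.get("X-Autoreply") is not None


def body_urls(msg: Message) -> list:
    """Collect http(s) URLs from every text part of the message."""
    urls = []
    for part in msg.walk():
        payload = part.get_payload(decode=True)  # None for multipart containers
        if part.get_content_maintype() != "text" or payload is None:
            continue
        text = payload.decode(part.get_content_charset() or "utf-8", errors="replace")
        urls += [u.rstrip(".,;)") for u in URL_RE.findall(text)]
    return urls


def screen(raw: str) -> dict:
    """Assumed policy: hold any auto-reply that carries a link."""
    msg = message_from_string(raw)
    auto, urls = is_auto_reply(msg), body_urls(msg)
    return {"auto_reply": auto, "urls": urls, "hold": auto and bool(urls)}


# Constructed sample messages (not taken from the Facct report).
AUTO_WITH_LINK = ("From: partner@example.invalid\nSubject: Out of office\n"
                  "Auto-Submitted: auto-replied\n\n"
                  "I am away. Documents: https://files.example.invalid/scan.zip.\n")
AUTO_PLAIN = ("From: partner@example.invalid\nSubject: Out of office\n"
              "Auto-Submitted: auto-replied\n\nI am away until Monday.\n")
HUMAN_WITH_LINK = ("From: colleague@example.invalid\nSubject: Notes\n\n"
                   "See https://wiki.example.invalid/notes\n")

if __name__ == "__main__":
    print([screen(m)["hold"] for m in (AUTO_WITH_LINK, AUTO_PLAIN, HUMAN_WITH_LINK)])
```

Headers on a message from a compromised mailbox are under the sender's control, so this check complements URL reputation and attachment scanning and does not replace them.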
What is XMRig?
XMRig is a legitimate open-source application that mines the Monero (XMR) cryptocurrency token. However, hackers have integrated the software into their attacks, using various tactics to install the app on different systems since 2020.
In June 2020, malware called “Lucifer” targeted old vulnerabilities in Windows systems to install the XMRig mining application.
In August 2020, a malware botnet called “FritzFrog” was deployed to millions of IP addresses. The malware targeted government offices, educational institutions, banks and companies to install the XMRig app.