Cybersecurity researchers have discovered a novel method used by hackers to deliver malware for stealthy crypto mining, leveraging automated email replies.
Researchers from the threat intelligence firm Facct reported that hackers exploited auto-reply emails from compromised accounts to target Russian companies, marketplaces, and financial institutions.
Using this tactic, the attackers sought to install the XMRig miner on their victims’ devices to mine digital assets.
An example of an auto-reply letter with a link to malware Source: Habr
The security company said it had identified 150 emails containing XMRig since the end of May. However, the cybersecurity firm also said that their business email protection system blocked malicious emails sent to their clients.
The danger of auto-replies with malware
Facct senior analyst Dmitry Eremenko explained that the delivery method is dangerous because potential victims initiate the communications. With normal mass-delivered messages, the targets have the option to ignore emails that they deem irrelevant.
However, with the auto-replies, victims expect a response from the person they emailed first, not knowing that the email they are contacting is compromised. Eremenko said:
“In this case, although the letter does not look convincing, communication has already been established, and the file distribution may not arouse particular suspicion.”
The cybersecurity firm urged companies to conduct regular training to increase employees’ knowledge of cybersecurity and current threats. The firm also urged firms to use strong passwords and multifactor authentication mechanisms.
In a previous interview, ethical hacker Marwan Hachem told Cointelegraph that using different communications devices can also help with security. It isolates unwanted software and prevents hackers from reaching your main device.
What is the XMRig?
The XMRig is a legitimate open-source application that mines the Monero (XMR) cryptocurrency token. However, hackers have integrated the software into their attacks, using various tactics to install the app into different systems since 2020.
In June 2020, a malware called “Lucifer” targeted old vulnerabilities in Windows systems to install the XMRig mining application.
In August 2020, a malware botnet called “FritzFrog” was deployed to millions of IP addresses. The malware targeted government offices, educational institutions, banks and companies to install the XMRig app.
Magazine: Asia Express: WazirX hackers prepped 8 days before attack, swindlers fake fiat for USDT