Hackers deliver popular crypto-miner through malicious email auto replies, researchers say

Avatar

Cybercriminals compromised email accounts and set up seemingly innocuous automatic replies that contained links to cryptocurrency mining malware, according to a new report.

Researchers from Russian cybersecurity firm F.A.C.C.T. said the novel tactic was used to deliver the Xmrig crypto-miner to workers at Russian tech companies, retail marketplaces, insurance firms and financial businesses. F.A.C.C.T. said it has identified about 150 emails containing Xmrig since the end of May.

“This method of malware delivery is dangerous because the potential victim initiates communication first,” said Dmitry Eremenko, senior analyst at F.A.C.C.T. “This is the main difference from traditional mass mailings, where the recipient often receives an irrelevant email and ignores it.”

Emails sent through auto replies would likely not arouse particular suspicion even if they do not look convincing, Eremenko added.

Xmrig is an open-source cryptocurrency mining software primarily used for mining Monero (XMR). Hackers have consistently devised new methods to deliver Xmrig to victims’ devices — in one campaign, they used pirated versions of the video editing software Final Cut Pro to install the crypto-miner on Apple computers.

F.A.C.C.T. did not provide details on whether the latest attacks were successful and who was behind them.

But the researchers did say that the compromised email accounts had all previously had their credentials leaked on the darknet, along with some personal data. Compromised accounts included ones linked to small trading firms, construction companies, a furniture factory and a farm.

CybercrimeIndustryNewsNews Briefs
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 

Total
0
Shares
Previous Post

New Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing Emails

Next Post

Russian cyber firm Dr.Web says services are restored after ‘targeted cyberattack’

Related Posts

New Linux Malware ‘sedexp’ Hides Credit Card Skimmers Using Udev Rules

Cybersecurity researchers have uncovered a new stealthy piece of Linux malware that leverages an unconventional technique to achieve persistence on infected systems and hide credit card skimmer code. The malware, attributed to a financially motivated threat actor, has been codenamed sedexp by Aon's Stroz Friedberg incident response services team. "This advanced threat, active since 2022, hides
Avatar
Read More