Hackers Exploit Automated Email Replies to Deploy Stealthy Crypto Mining Malware

Author

Ruholamin Haqshanas

Hackers are using automated email replies to compromise systems and deliver stealthy crypto mining malware.

According to a report by the threat intelligence firm Facct, hackers have been leveraging auto-reply emails from compromised accounts to target organizations in Russia, including companies, marketplaces, and financial institutions.

The attackers aim to install the XMRig miner on victims’ devices, enabling them to mine digital assets covertly.

150 Emails Containing XMRig Miner Identified

Facct’s investigation revealed that since late May, approximately 150 emails containing the XMRig miner were identified.

However, the firm’s business email protection system successfully blocked these malicious emails before they could reach their clients.

Dmitry Eremenko, a senior analyst at Facct, highlighted the unique danger posed by this attack vector.

Unlike typical mass phishing campaigns where potential victims can easily ignore suspicious emails, this method preys on the expectations of recipients.

Since the victims initiate the communication by sending an email first, they are more likely to trust the auto-reply they receive, unaware that the email account they contacted is compromised.

“In this scenario, even if the email doesn’t appear convincing, the established communication chain may reduce suspicion, making the recipient more likely to engage with the malicious attachment.”

Facct urged organizations to enhance their cybersecurity measures by regularly training employees on current threats and best practices.

They also recommended the use of strong passwords and multi-factor authentication to safeguard against such attacks.
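On the mail-filtering side, one heuristic that follows from the attack described above is to treat an auto-reply that carries a file or a link as suspicious, since ordinary out-of-office messages rarely include either. The sketch below is an added example, not code from Facct or from the original article; it assumes the auto-reply sets the RFC 3834 `Auto-Submitted` header (or the non-standard `X-Autoreply` / `X-Autorespond`), and the function names and sample messages are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def is_auto_reply(msg):
    """True if headers mark the message as an automatic response."""
    auto = str(msg.get("Auto-Submitted", "")).strip().lower()
    if auto and not auto.startswith("no"):      # RFC 3834: anything but "no"
        return True
    # Non-standard headers that some autoresponders set (heuristic, assumed).
    return any(msg.get(h) is not None for h in ("X-Autoreply", "X-Autorespond"))

def risky_content(msg):
    """Collect attachment filenames and URLs found in the text bodies."""
    files = [p.get_filename() or "(unnamed)" for p in msg.iter_attachments()]
    urls = []
    for part in msg.walk():
        if part.get_content_maintype() == "text" and not part.is_attachment():
            urls += URL_RE.findall(part.get_content())
    return files, urls

def verdict(raw):
    """Quarantine auto-replies that carry a file or a link; deliver the rest."""
    msg = message_from_bytes(raw, policy=policy.default)
    if not is_auto_reply(msg):
        return "deliver", [], []
    files, urls = risky_content(msg)
    return ("quarantine" if files or urls else "deliver"), files, urls

def sample(auto, body, attach=None):
    """Build a constructed test message (not a real sample from the campaign)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "partner@example.com", "user@example.org", "Re: request"
    if auto:
        m["Auto-Submitted"] = "auto-replied"
    m.set_content(body)
    if attach:
        m.add_attachment(b"PK\x03\x04", maintype="application", subtype="zip", filename=attach)
    return m.as_bytes()

if __name__ == "__main__":
    for raw in (sample(True, "I am out of office until Monday."),
                sample(True, "See attached scan.", "scan.zip"),
                sample(True, "Documents: https://files.example.net/scan.zip"),
                sample(False, "Here is the archive you asked for.", "report.zip")):
        print(verdict(raw))
```

A compromised account can also send an auto-reply without any of these headers, so this check complements attachment scanning rather than replacing it.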

This is not the first time hackers have employed XMRig in their operations.

XMRig, an open-source application designed to mine the Monero cryptocurrency, has been frequently integrated into malicious campaigns since 2020.

In June 2020, a malware dubbed “Lucifer” exploited outdated Windows vulnerabilities to deploy XMRig.

Later, in August 2020, a botnet named “FritzFrog” targeted millions of IP addresses, including government offices and financial institutions, to distribute the crypto mining software.

North Korean Hackers Use Malware to Steal Crypto Keys

Earlier this month, the FBI issued a warning about a sophisticated new Android malware called SpyAgent, discovered by McAfee, which is designed to steal cryptocurrency private keys from users’ smartphones.

SpyAgent targets private keys by leveraging optical character recognition (OCR) technology to scan and extract text from screenshots and images stored on the device.

The malware is distributed through malicious links sent via text messages.

The alert came on the heels of another malware threat identified in August.

The “Cthulhu Stealer,” which affects macOS systems, similarly disguises itself as legitimate software and targets personal information, including MetaMask passwords, IP addresses, and cold wallet private keys.

The same month saw Microsoft uncover a vulnerability in Google Chrome, which North Korean hacker group Citrine Sleet exploited to create fake cryptocurrency exchanges and fraudulent job applications.

As reported, August saw a surge in crypto-related scams, with a staggering $310 million lost to various exploits, making it the second-highest monthly total this year.
