Hackers are increasingly utilizing automated email responses to infiltrate systems and distribute stealthy crypto mining malware.
Hackers Exploit Auto-Reply Emails
A recent report from the threat intelligence company Facct reveals that hackers are taking advantage of auto-reply emails from compromised accounts to target various organizations in Russia. This includes businesses, marketplaces, and financial institutions.
The primary objective of these attackers is to install the XMRig miner on the devices of unsuspecting victims, which allows them to mine digital assets without detection.
150 Emails Containing XMRig Miner Identified
Facct’s investigation uncovered around 150 emails containing the XMRig miner since late May. Fortunately, the firm’s email protection system successfully blocked these malicious messages before they reached clients.
Dmitry Eremenko, a senior analyst at Facct, emphasized the distinct threat posed by this tactic. Unlike traditional mass phishing schemes, which potential victims can easily disregard, this method exploits the expectations of recipients.
Since victims initiate the communication by sending an email, they are more inclined to trust the auto-reply they receive, often unaware that the contacted email account has been compromised. Eremenko noted, “In this scenario, even if the email seems unconvincing, the established communication chain may reduce suspicion, prompting the recipient to engage with the malicious attachment.”
Recommendations for Enhanced Cybersecurity
Facct recommends that organizations bolster their cybersecurity measures through regular employee training on current threats and best practices. Additionally, they advise implementing strong passwords and multi-factor authentication to guard against such attacks.
Historical Use of XMRig by Hackers
This is not the first instance of hackers using XMRig in their operations. XMRig is an open-source application for mining the Monero cryptocurrency and has frequently appeared in malicious campaigns since 2020.
In June 2020, malware named “Lucifer” exploited vulnerabilities in outdated Windows systems to deploy XMRig. Later, in August 2020, a botnet called “FritzFrog” targeted millions of IP addresses, including government offices and financial institutions, to spread the crypto mining software.
North Korean Hackers and SpyAgent Malware
Recently, the FBI warned about a sophisticated Android malware named SpyAgent, identified by McAfee, designed to steal cryptocurrency private keys from smartphones. This malware employs optical character recognition (OCR) technology to scan and extract text from screenshots and images stored on the device.
The distribution of this malware occurs through malicious links sent via text messages. This warning follows the discovery of another malware threat in August. The “Cthulhu Stealer,” which targets macOS systems, masquerades as legitimate software and seeks personal information, including MetaMask passwords, IP addresses, and cold wallet private keys.
Additionally, in August, Microsoft uncovered a vulnerability in Google Chrome, which North Korean hacker group Citrine Sleet exploited to create fake cryptocurrency exchanges and fraudulent job applications. Reports indicate that August witnessed a significant rise in crypto-related scams, with losses totaling a staggering $310 million, marking the second-highest monthly total for the year.
The post Hackers Exploit Automated Email Replies to Deploy Stealthy Crypto Mining Malware appeared first on Cryptonews.