Hackers Exploit Automated Email Replies to Deploy Stealthy Crypto Mining Malware
The attackers aim to install the XMRig miner on victims’ devices.
Hackers are using automated email replies to compromise systems and deliver stealthy crypto mining malware, cybersecurity researchers report.
According to a report by the threat intelligence firm Facct, hackers have been leveraging auto-reply emails from compromised accounts to target organizations in Russia, including companies, marketplaces, and financial institutions.
The attackers aim to install the XMRig miner on victims’ devices, enabling them to mine digital assets covertly.
150 Emails Containing XMRig Miner Identified
Facct’s investigation revealed that approximately 150 emails containing the XMRig miner have been identified since late May.
However, the firm’s business email protection system successfully blocked these malicious emails before they could reach its clients.
Dmitry Eremenko, a senior analyst at Facct, highlighted the unique danger posed by this attack vector.
Unlike typical mass phishing campaigns where potential victims can easily ignore suspicious emails, this method preys on the expectations of recipients.
Since the victims initiate the communication by sending an email first, they are more likely to trust the auto-reply they receive, unaware that the email account they contacted is compromised.
“In this scenario, even if the email doesn’t appear convincing, the established communication chain may reduce suspicion, making the recipient more likely to engage with the malicious attachment.”
Facct urged organizations to enhance their cybersecurity measures by regularly training employees on current threats and best practices.
They also recommended the use of strong passwords and multi-factor authentication to safeguard against such attacks.
This is not the first time hackers have employed XMRig in their operations.
XMRig, an open-source application designed to mine the Monero cryptocurrency, has been frequently integrated into malicious campaigns since 2020.
In June 2020, a malware dubbed “Lucifer” exploited outdated Windows vulnerabilities to deploy XMRig.
Later, in August 2020, a botnet named “FritzFrog” targeted millions of IP addresses, including government offices and financial institutions, to distribute the crypto mining software.
North Korean Hackers Use Malware to Steal Crypto Keys
Earlier this month, the FBI issued a warning about a sophisticated new Android malware called SpyAgent, discovered by McAfee, which is designed to steal cryptocurrency private keys from users’ smartphones.
SpyAgent targets private keys by leveraging optical character recognition (OCR) technology to scan and extract text from screenshots and images stored on the device.
The malware is distributed through malicious links sent via text messages.
The alert came on the heels of another malware threat identified in August.
The “Cthulhu Stealer,” which affects macOS systems, similarly disguises itself as legitimate software and targets personal information, including MetaMask passwords, IP addresses, and cold wallet private keys.
The same month saw Microsoft uncover a vulnerability in Google Chrome, which North Korean hacker group Citrine Sleet exploited to create fake cryptocurrency exchanges and fraudulent job applications.
As reported, August saw a surge in crypto-related scams, with a staggering $310 million lost to various exploits, making it the second-highest monthly total this year.