Cybersecurity researchers have identified a new technique that cybercriminals use to stealthily distribute cryptocurrency-mining malware: automated email replies sent from compromised accounts.
Researchers from the threat intelligence organization Facct have reported that hackers have taken advantage of auto-reply emails from compromised accounts to target various Russian enterprises, online marketplaces, and financial institutions. The attackers aimed to deploy the XMRig miner on the devices of their victims to facilitate the mining of digital currencies.
An illustration of an auto-reply email containing a link to malware. Source: Habr
The security firm noted that it detected 150 emails containing XMRig since late May. However, they also indicated that their business email protection system successfully blocked malicious emails directed at their clients.
### The Risks of Auto-Reply Emails with Malware
Dmitry Eremenko, a senior analyst at Facct, highlighted that this method of delivery poses significant risks because it is the potential victims who initiate the correspondence. In contrast to standard mass-distributed messages, where targets can easily disregard emails they find unimportant, auto-replies create an expectation of communication from the original sender. Victims are unaware that the email account they are interacting with has been compromised. Eremenko stated:
The cybersecurity firm has recommended that organizations conduct regular training sessions to enhance employees’ understanding of cybersecurity and the latest threats. They also emphasized the importance of using robust passwords and multi-factor authentication.
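The delivery method described above relies on the victim trusting a reply to mail they sent themselves, so a mail gateway cannot lean on sender reputation alone. The following added example (not code from Facct or from the original article) shows one defensive triage check: it parses a raw message, decides whether it is an auto-reply using the RFC 3834 `Auto-Submitted` header and common vendor markers, and flags auto-replies that carry links or risky attachments. The sample messages, the `example.invalid` addresses and the header list are constructed assumptions.

```python
"""Flag auto-reply messages that carry links or risky attachments (defensive triage helper)."""
import re
from email import policy
from email.parser import BytesParser

# Header values that mark a message as automatic (RFC 3834 Auto-Submitted plus common vendor headers).
AUTO_MARKERS = {"auto-submitted": ("auto-replied", "auto-generated"),
                "x-autoreply": ("yes",), "precedence": ("auto_reply",)}
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".zip", ".rar", ".7z", ".iso")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def is_auto_reply(msg):
    """True if headers (or a typical subject prefix) identify the message as an auto-reply."""
    for header, accepted in AUTO_MARKERS.items():
        value = msg.get(header)
        if value is not None:
            # Drop RFC 3834 comments/parameters such as "auto-replied (vacation)".
            token = re.split(r"[\s;(]", value.strip().lower(), maxsplit=1)[0]
            if token in accepted:
                return True
    subject = (msg.get("subject") or "").lower()
    return subject.startswith(("automatic reply", "autoreply", "out of office"))

def audit_auto_reply(raw_bytes):
    """Return findings for an auto-reply; an empty list means no link/attachment or not an auto-reply."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    if not is_auto_reply(msg):
        return []
    findings = []
    body = msg.get_body(preferencelist=("plain", "html"))
    urls = URL_RE.findall(body.get_content() if body else "")
    if urls:
        findings.append(f"link in auto-reply: {urls[0]}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append(f"risky attachment in auto-reply: {name}")
    return findings

# Constructed samples (not real messages): an out-of-office reply whose body pushes an archive
# download, and a plain out-of-office reply with nothing to flag.
SAMPLE_SUSPICIOUS = (b"Subject: Automatic reply: Invoice 4471\r\nAuto-Submitted: auto-replied (vacation)\r\n"
                     b"Content-Type: text/plain\r\n\r\nI am away. Updated price list: http://files.example.invalid/pricelist.zip\r\n")
SAMPLE_BENIGN = (b"Subject: Automatic reply: Invoice 4471\r\nAuto-Submitted: auto-replied\r\n"
                 b"Content-Type: text/plain\r\n\r\nI am away until Monday and will answer then.\r\n")

if __name__ == "__main__":
    for label, raw in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        print(label, audit_auto_reply(raw) or "no findings")
```

A hit from this check is a triage signal for a mailbox that may be compromised, not proof of malware; the flagged link or attachment should go through the organization's normal detonation and blocking workflow.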
In a prior discussion, ethical hacker Marwan Hachem advised Cointelegraph that employing various communication devices can bolster security by isolating unwanted software, thereby preventing hackers from accessing primary devices.
### Understanding XMRig
XMRig is a legitimate open-source tool designed for mining the Monero (XMR) cryptocurrency. However, since 2020, cybercriminals have incorporated this software into their malicious campaigns, employing different strategies to install it across various systems.
In June 2020, a malware strain known as “Lucifer” exploited outdated vulnerabilities in Windows systems to install the XMRig mining software. Subsequently, in August 2020, a botnet called “FritzFrog” was deployed across millions of IP addresses, targeting governmental agencies, educational institutions, banks, and businesses to install the XMRig application.