Hackers Exploit Automated Email Replies to Deploy Stealthy Crypto Mining Malware

The latest tactic abuses the now-routine email auto-reply. According to a recent report from threat intelligence firm Facct, cybercriminals have been hacking into organizations and sending out stealthy crypto mining malware, a tactic used to target organizations in Russia. This new attack vector leverages auto-response emails sent from previously compromised accounts to spread the XMRig miner.

XMRig Miner Targets Organizations in Russia

Since late May, Facct has detected about 150 emails carrying the XMRig miner, a utility for stealthily mining digital assets on victims’ devices. These phishing emails targeted businesses, marketplaces, and financial institutions; they were intercepted by the email protection system and never reached the clients.

Exploiting Trust in Email Communication

Facct senior analyst Dmitry Eremenko said the attack is particularly insidious because it exploits the trust established when the victim initiates contact with the compromised email account. “Even if the email doesn’t look persuasive, the established chain of communication may kill suspicion, making the target more likely to interact with the malicious attachment,” Eremenko said.
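A mail-gateway check for the vector described above, added here as an illustration and not taken from Facct's report or tooling: an out-of-office reply normally has no reason to carry a file, so a message marked as an automatic reply that also has an attachment is held for review. The header names are ones commonly set by auto-responders (`Auto-Submitted` is defined in RFC 3834); the `triage` function, the "quarantine" verdict, the addresses and the sample messages are constructed assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage


def is_auto_reply(msg):
    """True if the headers mark the message as an automatic reply."""
    auto = (msg.get("Auto-Submitted") or "").strip().lower()
    if auto.startswith("auto-replied"):           # RFC 3834 keyword
        return True
    if (msg.get("Precedence") or "").strip().lower() == "auto_reply":
        return True                               # set by vacation-style responders
    return msg.get("X-Autoreply") is not None     # vendor-specific marker


def attachment_names(msg):
    """File names of every attachment part (body text is not included)."""
    return [p.get_filename() or "(unnamed)" for p in msg.iter_attachments()]


def triage(raw):
    """Return (verdict, attachments). Hypothetical policy: auto-reply + file = hold."""
    msg = message_from_bytes(raw, policy=policy.default)
    names = attachment_names(msg)
    verdict = "quarantine" if is_auto_reply(msg) and names else "deliver"
    return verdict, names


def build_sample(auto, attach):
    """Constructed test message; addresses and content are placeholders."""
    m = EmailMessage()
    m["From"] = "partner@example.org"
    m["To"] = "buyer@example.com"
    m["Subject"] = "Automatic reply: price request"
    if auto:
        m["Auto-Submitted"] = "auto-replied"
    m.set_content("I am out of the office until Monday.")
    if attach:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="zip", filename="documents.zip")
    return m.as_bytes()


if __name__ == "__main__":
    for auto, attach in [(True, True), (True, False), (False, True)]:
        print(auto, attach, triage(build_sample(auto, attach)))
```

Because the reply comes from a real, compromised mailbox, sender reputation does not help here; the signal is the mismatch between the message type and its content.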

XMRig: The Relentless Cyber Threat

XMRig is open-source software for mining the cryptocurrency Monero and has been favored by hackers since 2020. Variants of the tool were bundled with the “Lucifer” malware in June 2020 and the “FritzFrog” botnet in August 2020, which attacked millions of IP addresses worldwide.

Organization Recommendations

Facct wants organizations to step up their cybersecurity by training employees on current threats and best practices. It also suggests using strong passwords and multi-factor authentication to help prevent attacks of this kind.

Crypto Malware Threat Grows

Crypto malware is getting increasingly sophisticated. Earlier this month, the FBI warned of the SpyAgent malware, which targets Android devices to steal cryptocurrency private keys using OCR technology. With crypto-related scams on the rise, $310 million was lost to various exploits last August alone.

As cyber threats evolve, organizations must be quick to adapt their defense strategies to catch these innovative attack vectors.

Source: btc-pulse.com

Hello, my name is Vincent Parks. I help novice traders and private investors. I write articles on trading / TA / trading psychology etc. For the past 3 years, I have been an account manager in a company that specializes in binary options. I have more than 5 years of professional experience in FX/crypto trading. My goal in life is to share my knowledge and experience with more people.