According to Cointelegraph, cybersecurity researchers have uncovered a new method employed by hackers to deliver malware for covert cryptocurrency mining, utilizing automated email replies. Researchers from the threat intelligence firm Facct reported that hackers exploited auto-reply emails from compromised accounts to target Russian companies, marketplaces, and financial institutions. The attackers aimed to install the XMRig miner on their victims’ devices to mine digital assets.
Facct identified 150 emails containing XMRig since the end of May. However, the cybersecurity firm also noted that its business email protection system successfully blocked the malicious emails sent to its clients. Facct senior analyst Dmitry Eremenko highlighted the danger of this delivery method, explaining that the potential victims themselves initiate the communication. Unlike mass-delivered messages, which can be ignored, auto-replies come from contacts the victims expect to hear from, making the malware distribution less suspicious.
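The detail that makes this delivery method work is that the malicious message arrives as an automatic reply to mail the victim sent. A mail gateway can use the same property defensively: an auto-reply that carries an executable or archive attachment is anomalous. The triage routine below is an added example (not Facct's code or anything from the article), using only Python's standard `email` module; the message and the risky-extension list are constructed assumptions.

```python
import email
from email import policy

# Attachment types no legitimate out-of-office reply should carry (assumed list; tune per environment).
RISKY_SUFFIXES = (".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".zip", ".rar", ".7z", ".iso")

def is_auto_reply(msg):
    """Recognise automatic replies via the RFC 3834 Auto-Submitted header or common subject prefixes."""
    auto_submitted = (msg.get("Auto-Submitted") or "").strip().lower()
    if auto_submitted and auto_submitted != "no":
        return True
    subject = (msg.get("Subject") or "").strip().lower()
    return subject.startswith(("automatic reply", "auto reply", "out of office", "autoreply"))

def risky_attachments(msg):
    """Return the filenames of attachments whose extension is in RISKY_SUFFIXES."""
    names = [(part.get_filename() or "").lower() for part in msg.iter_attachments()]
    return [name for name in names if name.endswith(RISKY_SUFFIXES)]

def triage(raw_message):
    """Flag a message only when it is an auto-reply AND carries a risky attachment."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    auto = is_auto_reply(msg)
    risky = risky_attachments(msg)
    return {"auto_reply": auto, "risky": risky, "flag": auto and bool(risky)}

# Constructed sample (not a real capture): an out-of-office reply that carries an archive,
# the shape a compromised mailbox's auto-reply would take in the campaign described above.
SUSPICIOUS_REPLY = """From: alice@example.test
To: bob@example.test
Subject: Automatic reply: Invoice question
Auto-Submitted: auto-replied
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

I am out of the office, please see the attached file.
--b1
Content-Type: application/octet-stream; name="document.zip"
Content-Disposition: attachment; filename="document.zip"

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==
--b1--
"""

if __name__ == "__main__":
    print(triage(SUSPICIOUS_REPLY))
```

A plain out-of-office reply with no attachment is still recognised as an auto-reply but not flagged, so the rule adds no friction to normal vacation responders.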
The cybersecurity firm urged companies to conduct regular training to increase employees’ knowledge of cybersecurity and current threats. They also recommended using strong passwords and multifactor authentication mechanisms. Ethical hacker Marwan Hachem suggested using different communication devices to isolate unwanted software and prevent hackers from accessing the main device.
XMRig is a legitimate open-source application that mines the Monero (XMR) cryptocurrency token. However, hackers have integrated the software into their attacks, using various tactics to install the app onto different systems since 2020. In June 2020, a malware called “Lucifer” targeted old vulnerabilities in Windows systems to install the XMRig mining application. In August 2020, a malware botnet called “FritzFrog” was deployed against millions of IP addresses, targeting government offices, educational institutions, banks, and companies to install the XMRig app.