Researchers at threat intelligence firm Facct recently highlighted an innovative technique used by hackers to deliver malware. By exploiting automatic email replies from compromised accounts, these cybercriminals are specifically targeting Russian companies, marketplaces and financial institutions.
The attackers‘ main objective is to install the XMRig miner on their victims’ devices in order to mine crypto-currencies. Since the end of May, the company has identified 150 emails containing this type of malware. Fortunately, their protection system against malicious emails has managed to block these attempts from their customers.
Dmitry Eremenko, senior analyst at Facct, explains that this method is particularly dangerous because it relies on the victim initiating the attack. Unlike messages sent en masse, which can be easily ignored, here the victim expects a legitimate response from the contact initially solicited. ‘In this case, although the letter is not convincing, as the communication has already been established, the distribution of the file may not arouse much suspicion’, explains Eremenko.
Faced with this growing threat, Facct recommends that companies organise regular training courses to make their employees aware of the current cybersecurity issues. The introduction of strong passwords and the use of multi-factor authentication mechanisms are also strongly encouraged.
Marwan Hachem, an ethical hacker interviewed by Cointelegraph, also recommends using different devices for different types of communication in order to isolate any unwanted software and thus prevent hackers from accessing your main device.
XMRig is a legitimate open-source application used to mine the crypto-currency Monero (XMR). However, since 2020, hackers have been incorporating this software into their attacks using a variety of methods. For example, in June 2020, a piece of malware called ‘Lucifer’ targeted old vulnerabilities in Windows systems to install XMRig. In August 2020, a botnet called ‘FritzFrog’ was deployed to millions of IP addresses, mainly targeting government administrations, educational and financial institutions and various businesses.
In conclusion, it is becoming crucial for every organisation and individual connected to the global network to be vigilant in the face of these new insidious forms of cyber attack.
