Cybersecurity researchers have found hackers using automated email replies to compromise systems and deliver stealthy crypto mining malware.
According to a report by the threat intelligence firm Facct, hackers have been leveraging auto-reply emails from compromised accounts to target organizations in Russia, including companies, marketplaces, and financial institutions.
The attackers aim to install the XMRig miner on victims’ devices, enabling them to mine digital assets covertly.
150 Emails Containing XMRig Miner Identified
Facct’s investigation revealed that since late May, approximately 150 emails containing the XMRig miner were identified.
However, the firm’s business email protection system successfully blocked these malicious emails before they could reach their clients.
Dmitry Eremenko, a senior analyst at Facct, highlighted the unique danger posed by this attack vector.
Unlike typical mass phishing campaigns where potential victims can easily ignore suspicious emails, this method preys on the expectations of recipients.
Since the victims initiate the communication by sending an email first, they are more likely to trust the auto-reply they receive, unaware that the email account they contacted is compromised.
“In this scenario, even if the email doesn’t appear convincing, the established communication chain may reduce suspicion, making the recipient more likely to engage with the malicious attachment.”
Facct urged organizations to enhance their cybersecurity measures by regularly training employees on current threats and best practices.
They also recommended the use of strong passwords and multi-factor authentication to safeguard against such attacks.
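The vector described above works because an auto-reply arrives in a thread the recipient started, so the message is trusted before it is read. A mail-gateway check that a defender would want at this point is therefore simple: an automatic reply normally carries no attachment at all, and one that carries an executable or archive is worth holding. The script below is an added example written for this article, not code from F.A.C.C.T. or from the report; it uses the standard RFC 3834 Auto-Submitted header plus common vendor headers (X-Autoreply, Precedence: auto_reply) and an assumed list of risky extensions, and the three sample messages are constructed for the demonstration.

```python
"""
Gateway-side heuristic: flag automatic replies that carry attachments.
Added example, not from the article or the report it cites. The
auto-reply signals (Auto-Submitted per RFC 3834, X-Autoreply,
Precedence: auto_reply, "Automatic reply" subjects) are standard
conventions; RISKY_EXTENSIONS is an assumed list for the example.
"""
from email import message_from_string
from email.message import Message

# Attachment types an auto-reply has no business carrying (assumed list;
# tune to what your organisation actually exchanges).
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1",
                    ".msi", ".zip", ".rar", ".7z", ".iso", ".lnk"}


def is_auto_reply(msg: Message) -> bool:
    """True if the message advertises itself as an automatic response."""
    auto_submitted = msg.get("Auto-Submitted", "").strip().lower()
    if auto_submitted and auto_submitted != "no":      # auto-replied / auto-generated
        return True
    if msg.get("X-Autoreply") or msg.get("X-Autorespond"):
        return True
    if msg.get("Precedence", "").strip().lower() == "auto_reply":
        return True
    subject = msg.get("Subject", "").strip().lower()
    return subject.startswith(("automatic reply", "auto reply", "autoreply", "out of office"))


def attachment_names(msg: Message) -> list:
    """File names of every MIME part declared as an attachment."""
    return [part.get_filename() or "(unnamed)"
            for part in msg.walk()
            if part.get_content_disposition() == "attachment"]


def classify(raw: str) -> dict:
    """Return the auto-reply flag, attachment list, risky subset and a verdict.

    quarantine: auto-reply carrying an executable/archive attachment
    review:     auto-reply carrying any other attachment
    allow:      everything else (normal mail still goes through the usual scanning)
    """
    msg = message_from_string(raw)
    auto = is_auto_reply(msg)
    names = attachment_names(msg)
    risky = [n for n in names if any(n.lower().endswith(ext) for ext in RISKY_EXTENSIONS)]
    if auto and risky:
        verdict = "quarantine"
    elif auto and names:
        verdict = "review"
    else:
        verdict = "allow"
    return {"auto_reply": auto, "attachments": names, "risky": risky, "verdict": verdict}


# Constructed sample messages (addresses and content are placeholders).
# 1. An auto-reply from a compromised mailbox that ships an archive.
MALICIOUS_AUTOREPLY = """\
From: partner@example.com
To: buyer@example.net
Subject: Automatic reply: price request
In-Reply-To: <req-1@example.net>
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Thank you for your message, the requested price list is attached.
--b1
Content-Type: application/zip; name="price_list.zip"
Content-Disposition: attachment; filename="price_list.zip"
Content-Transfer-Encoding: base64

UEsDBBQAAAAIAA==
--b1--
"""

# 2. An ordinary out-of-office reply with no attachment.
BENIGN_AUTOREPLY = """\
From: partner@example.com
To: buyer@example.net
Subject: Automatic reply: price request
Auto-Submitted: auto-replied
Content-Type: text/plain; charset="utf-8"

I am out of the office until Monday.
"""

# 3. A human-sent message with an attachment: not an auto-reply, so it is
#    passed on to the normal attachment scanning rather than held here.
NORMAL_WITH_ATTACHMENT = """\
From: partner@example.com
To: buyer@example.net
Subject: Re: price request
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: text/plain; charset="utf-8"

Price list attached, regards.
--b2
Content-Type: application/pdf; name="prices.pdf"
Content-Disposition: attachment; filename="prices.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b2--
"""

if __name__ == "__main__":
    for label, raw in [("malicious auto-reply", MALICIOUS_AUTOREPLY),
                       ("benign auto-reply", BENIGN_AUTOREPLY),
                       ("normal mail", NORMAL_WITH_ATTACHMENT)]:
        print(f"{label:22s} -> {classify(raw)['verdict']}")
```

The rule deliberately does not try to identify the miner itself; it keys on the mismatch between what an auto-reply is for and what it carries, which survives whatever payload the attacker swaps in. A real deployment would also correlate the In-Reply-To header with outbound mail logs, since an "auto-reply" to a message the organisation never sent is a second, independent signal.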
This is not the first time hackers have employed XMRig in their operations.
XMRig, an open-source application designed to mine the Monero cryptocurrency, has been frequently integrated into malicious campaigns since 2020.
In June 2020, a malware dubbed “Lucifer” exploited outdated Windows vulnerabilities to deploy XMRig.
Later, in August 2020, a botnet named “FritzFrog” targeted millions of IP addresses, including government offices and financial institutions, to distribute the crypto mining software.
North Korean Hackers Use Malware to Steal Crypto Keys
Earlier this month, the FBI issued a warning about a sophisticated new Android malware called SpyAgent, discovered by McAfee, which is designed to steal cryptocurrency private keys from users’ smartphones.
SpyAgent targets private keys by leveraging optical character recognition (OCR) technology to scan and extract text from screenshots and images stored on the device.
The malware is distributed through malicious links sent via text messages.
The alert came on the heels of another malware threat identified in August.
The “Cthulhu Stealer,” which affects macOS systems, similarly disguises itself as legitimate software and targets personal information, including MetaMask passwords, IP addresses, and cold wallet private keys.
The same month saw Microsoft uncover a vulnerability in Google Chrome, which North Korean hacker group Citrine Sleet exploited to create fake cryptocurrency exchanges and fraudulent job applications.
As reported, August saw a surge in crypto-related scams, with a staggering $310 million lost to various exploits, making it the second-highest monthly total this year.
The post Hackers Exploit Automated Email Replies to Deploy Stealthy Crypto Mining Malware appeared first on Cryptonews.