Summary: Cybercriminals have exploited compromised email accounts to distribute cryptocurrency mining malware through automatic replies, targeting various sectors in Russia. This novel delivery method poses a significant risk as it appears legitimate, prompting victims to engage without suspicion.
Threat Actor: Cybercriminals
Victim: Various Russian companies
Key Points:
- Compromised email accounts were used to send automatic replies containing links to Xmrig crypto-mining malware.
- Approximately 150 emails with Xmrig have been identified since late May, targeting sectors like tech, retail, and finance.
- This delivery method is particularly dangerous as it relies on the victim initiating communication, reducing suspicion.
- All compromised accounts had previously leaked credentials on the darknet, indicating a broader security issue.
- Hackers have previously used other methods, such as pirated software, to deliver Xmrig to victims’ devices.

Cybercriminals compromised email accounts and set up seemingly innocuous automatic replies that contained links to cryptocurrency mining malware, according to a new report.
Researchers from Russian cybersecurity firm F.A.C.C.T. said the novel tactic was used to deliver the Xmrig crypto-miner to workers at Russian tech companies, retail marketplaces, insurance firms and financial businesses. F.A.C.C.T. said it has identified about 150 emails containing Xmrig since the end of May.
“This method of malware delivery is dangerous because the potential victim initiates communication first,” said Dmitry Eremenko, senior analyst at F.A.C.C.T. “This is the main difference from traditional mass mailings, where the recipient often receives an irrelevant email and ignores it.”
Emails sent through auto replies would likely not arouse particular suspicion even if they do not look convincing, Eremenko added.
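One defensive check that follows from the delivery method described above, as an added example that is not from the article or from F.A.C.C.T.: parse an inbound message, recognise it as an auto-reply via the RFC 3834 `Auto-Submitted` header (or common `X-Autoreply` variants), and flag any link whose host is not the replying account's own domain, since a legitimate out-of-office reply rarely needs to send the correspondent to a third-party download. The sample messages and domains are constructed placeholders.

```python
import re
from email import message_from_string
from email.message import Message
from urllib.parse import urlparse

# Constructed sample (not a real message): an out-of-office reply carrying an external link.
SAMPLE_AUTOREPLY = """From: accounts@example-trading.test
Subject: Re: Invoice request
Auto-Submitted: auto-replied

I am out of office. The documents you requested are here:
http://files.example-hosting.test/invoice_scan.zip
"""

# Constructed sample: a benign auto-reply that only references the sender's own site.
SAMPLE_BENIGN = """From: support@example-trading.test
Subject: Re: Invoice request
Auto-Submitted: auto-replied

Thanks, see https://www.example-trading.test/contact for opening hours.
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def is_auto_reply(msg: Message) -> bool:
    """RFC 3834 marks auto-responses with Auto-Submitted; some MTAs use X-Autoreply/X-Autorespond."""
    auto = (msg.get("Auto-Submitted") or "").strip().lower()
    if auto and auto != "no":
        return True
    return any(msg.get(h) is not None for h in ("X-Autoreply", "X-Autorespond"))

def external_links(msg: Message) -> list:
    """URLs in the body whose host is not the From: domain (or a subdomain of it)."""
    m = re.search(r"@([\w.-]+)", msg.get("From") or "")
    own = m.group(1).lower() if m else ""
    body = msg.get_payload(decode=True)  # bytes for a single-part message, None for multipart
    text = body.decode("utf-8", "replace") if body else ""
    hits = []
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if not own or (host != own and not host.endswith("." + own)):
            hits.append(url)
    return hits

def suspicious_auto_reply(raw: str) -> list:
    """Return the off-domain links if the message is an auto-reply carrying any; else an empty list."""
    msg = message_from_string(raw)
    return external_links(msg) if is_auto_reply(msg) else []
```

Run `suspicious_auto_reply()` over messages at the mail gateway or in a mailbox export; a non-empty result is a candidate for link detonation or quarantine rather than an automatic block, since some legitimate responders do link to external ticketing systems.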
Xmrig is an open-source cryptocurrency mining software primarily used for mining Monero (XMR). Hackers have consistently devised new methods to deliver Xmrig to victims’ devices: in one campaign, they used pirated versions of the video editing software Final Cut Pro to install the crypto-miner on Apple computers.
F.A.C.C.T. did not provide details on whether the latest attacks were successful and who was behind them.
But the researchers did say that the compromised email accounts had all previously had their credentials leaked on the darknet, along with some personal data. Compromised accounts included ones linked to small trading firms, construction companies, a furniture factory and a farm.
Source: https://therecord.media/hackers-deliver-crypto-miner-through-email-auto-replies