Hackers are using email auto-replies to install crypto-mining malware. This approach lets them mine cryptocurrency on people’s devices without their knowledge.
How Auto-Reply Emails Are Exploited
Cybersecurity researchers from Facct recently found that hackers are taking advantage of email auto-replies to spread malware. They’ve mainly targeted companies, marketplaces, and financial institutions in Russia. The goal is to install XMRig, a crypto-mining program, on victims’ devices.
XMRig is a legitimate tool for mining Monero, a type of cryptocurrency, but hackers have found ways to use it in their attacks. Since May, Facct has identified around 150 emails containing the XMRig malware. Fortunately, their email protection system blocked these malicious emails for their clients.
Why Auto-Replies Make This Method So Dangerous
The danger of this attack method lies in its subtlety. Hackers don’t just send mass spam emails that can be easily ignored. Instead, they use auto-replies from hacked email accounts.
The victim often expects to hear back from the person they initially emailed, unaware that the account has been compromised. This makes the malware-laced response appear more trustworthy.
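A mail-gateway triage check for the pattern described above, as an added example that is not from Facct or the original article: it flags messages marked as automatic replies (RFC 3834 `Auto-Submitted`, plus the common `Precedence: auto_reply` and `X-Autoreply` conventions) that also carry an attachment or a link. That the payload arrives as an attachment or link is an assumption, since the article does not say how it is delivered; the function names and sample messages are constructed.

```python
import email
import re
from email import policy

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def is_auto_reply(msg):
    """True if the headers mark the message as an automatic response."""
    auto = (msg.get("Auto-Submitted") or "").strip().lower()
    if auto and auto != "no":  # RFC 3834: any value other than "no" is automatic
        return True
    if (msg.get("Precedence") or "").strip().lower() == "auto_reply":
        return True
    return msg.get("X-Autoreply") is not None

def risky_content(msg):
    """Return (attachment filenames, URLs in text parts)."""
    files, urls = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            files.append(name)
        elif part.get_content_maintype() == "text":
            urls += URL_RE.findall(part.get_content())
    return files, urls

def triage(raw):
    """Return ('review' | 'deliver', files, urls) for one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    files, urls = risky_content(msg)
    verdict = "review" if is_auto_reply(msg) and (files or urls) else "deliver"
    return verdict, files, urls

# Constructed sample messages; the example.* domains are placeholders.
HDR = "From: a@example.org\nTo: b@example.com\n"
PLAIN_OOO = HDR + "Subject: Out of office\nAuto-Submitted: auto-replied\n\nAway until Monday.\n"
OOO_WITH_LINK = (HDR + "Subject: Out of office\nAuto-Submitted: auto-replied\n\n"
                 "I am away. Documents: https://files.example.net/scan.zip\n")
HUMAN_WITH_LINK = HDR + "Subject: Re: invoice\n\nSee https://files.example.net/invoice.pdf\n"

if __name__ == "__main__":
    for label, raw in [("plain", PLAIN_OOO), ("ooo+link", OOO_WITH_LINK),
                       ("human+link", HUMAN_WITH_LINK)]:
        print(label, triage(raw))
```

Auto-replies with links in a signature will also match, so the verdict is a signal for review or sandboxing rather than proof of compromise.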
Recommended Cybersecurity Practices
Facct’s senior analyst Dmitry Eremenko warned that these auto-reply attacks are dangerous because victims unknowingly engage with compromised accounts. Facct advises companies to boost employee cybersecurity awareness through training. Strengthening passwords and using multi-factor authentication are also essential to prevent such attacks.
In a past interview, ethical hacker Marwan Hachem highlighted another useful tip. He suggested using different devices for various types of communication. This keeps your primary device safe and isolates potential malware.
Past Attacks Using XMRig
XMRig, although a legitimate tool, has been involved in various attacks over the years. In 2020, a malware called “Lucifer” targeted vulnerabilities in Windows systems, installing XMRig to mine Monero. Later that year, a botnet known as “FritzFrog” infected millions of IP addresses, including government offices, schools, and banks.
Key Security Measures:
- Employee training: Educate your team on the latest cyber threats.
- Password protection: Use strong, unique passwords.
- Multi-factor authentication: Enable it to make accounts harder to compromise.
- Separate devices: Isolate communications to limit malware spread.
Auto-reply emails seem harmless but can open the door to severe attacks. Awareness and strong security practices are vital to staying safe.