Originally published on: September 25, 2024
Cybersecurity researchers have uncovered a new strategy employed by hackers to distribute malware and engage in discreet crypto mining, using automated email responses as a means of attack.
Facct, a leading threat intelligence company, revealed that hackers took advantage of compromised accounts’ auto-reply emails to target Russian businesses, online marketplaces, and financial institutions. Through this method, the attackers aimed to deploy the XMRig miner on victims’ devices to mine digital currencies.
The security experts at Facct identified approximately 150 emails containing the XMRig miner since the end of May. Fortunately, the firm’s robust business email protection system successfully intercepted and blocked these malicious emails sent to their clients.
Senior analyst Dmitry Eremenko from Facct emphasized the hazardous nature of this delivery approach, as potential victims unknowingly initiate the communication by sending a message to compromised accounts. Unlike mass-distributed messages that can be disregarded, auto-reply emails may deceive individuals into expecting a response from the legitimate user.
To enhance cybersecurity defenses, companies are advised to implement regular employee training programs to increase awareness of potential threats. Additionally, utilizing strong passwords and multifactor authentication mechanisms can significantly mitigate risks.
Ethical hacker Marwan Hachem previously recommended diversifying communication devices to safeguard against unauthorized access and secure sensitive information. This strategy isolates malicious software and prevents hackers from infiltrating primary devices.
The XMRig software, originally intended as a legitimate open-source tool for Monero mining, has been repurposed by hackers for malicious activities since 2020. Incidents like the “Lucifer” malware targeting Windows vulnerabilities and the “FritzFrog” botnet deploying the XMRig app to millions of devices highlight the persistent threats faced by organizations across different sectors.
As cyber threats continue to evolve, staying informed and implementing proactive security measures are essential to safeguarding digital assets and sensitive information from malicious actors.
