Egyptian Government Allegedly Found Culpable Of Distributing Mining Malware

Mining Malware

Security researchers at the Citizen Lab of the University of Toronto have come to the conclusion that the government of Egypt, or entities affiliated with it, have been hijacking the connections of local internet users with a view to secretly conducting the mining of virtual currencies. According to the security researchers the tactics being employed are difficult to detect.
“The Egyptian scheme, which we call AdHose, has two modes. In spray mode, AdHose redirects Egyptian users en masse to ads for short periods of time. In trickle mode, AdHose targets some JavaScript resources and defunct websites for ad injection,” wrote the Citizen Lab security researchers in a report.

Sandvine ParketLogic software

Per the security researchers among the 95% of devices which were scrutinized more than 5,700 were victims of AdHose. To implement AdHose, the Sandvine ParketLogic software was used. This same software has been linked to the governments of Syria and Turkey which use it for surveillance purposes. It has also been used a censorship tool and has been employed in blocking websites associated with human rights as well as news websites. This includes the PKK (Kurdistan Workers? Party) website, Dutch Broadcast Foundation Website, Wikipedia, HuffPost Arabic, Mada Masr, Aljazeera, Reporters Without Borders and Human Rights Watch.
Between the trickle mode and the spray mode the latter was sparingly used. The former however is being continuously used. Some of the websites that have been cryptojacked with regards to trickle mode include porn site and Per the security researchers internet service providers and telecoms also had a hand in the cryptojacking practice as they were involved in injecting the mining software into the browsers.

Dofoil mining malware

The Citizen Lab report comes in the wake of Microsoft?s security experts disclosing that they prevented a mining malware known as Dofoil from spreading last week. According to the security experts the Trojans were spreading at a rapid rate in Ukraine, Turkey and Russia. Approximately 500,000 computers are believed to have been affected by the cyberattack. The security experts noted that due to the value of cryptocurrencies such as Bitcoin (BTC) mining malware was replacing ransomware in popularity.

Dippli is an independent media outlet that covers the current events in the crypto space. Got breaking news or a story to share? Then feel free to contact us at


Please enter your comment!
Please enter your name here