Cybersecurity researchers have uncovered a new technique that hackers use to deliver crypto-mining malware. The method abuses automated email replies to stealthily infect systems with XMRig, a crypto-mining application. According to the cybersecurity firm Facct, hackers used the auto-reply emails of compromised accounts to target Russian companies, marketplaces, and financial institutions.
Facct’s team revealed that the attack aimed to install the XMRig miner on victim devices to mine Monero, a popular privacy-focused cryptocurrency. Since the end of May, researchers have identified 150 emails containing XMRig-related malware. Fortunately, Facct’s business email protection system successfully blocked these malicious emails before they could infect its clients’ systems.

The Danger of Auto-Replies in Cyberattacks
One of the most concerning aspects of this malware delivery method is that victims unwittingly initiate the communication. Unlike traditional phishing attacks where users may disregard unsolicited emails, this tactic exploits an already established line of communication. When victims send emails to a compromised account, they are likely to receive an automated reply containing malware, making them less suspicious of the attachment or link.
Facct’s senior analyst, Dmitry Eremenko, highlighted this danger: “In this case, although the letter does not look convincing, communication has already been established, and the file distribution may not arouse particular suspicion.” As a result, unsuspecting users are more prone to downloading malicious software, allowing hackers to initiate crypto-mining activities on their devices without their knowledge.
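A defender-side check for the pattern described above, as an added example that is not from Facct or the original article: it flags messages whose headers mark them as automatic replies (the RFC 3834 `Auto-Submitted` header, plus the non-standard `Precedence: auto_reply` and `X-Autoreply` markers) yet carry an attachment or a link. The function names and the sample messages are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def is_auto_reply(msg):
    """True if headers mark the message as an automatic response."""
    # RFC 3834: any Auto-Submitted value other than "no" means automatic.
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    # Non-standard markers that some autoresponders set instead.
    prec = (msg.get("Precedence") or "").strip().lower()
    return auto != "no" or prec == "auto_reply" or msg.get("X-Autoreply") is not None

def payload_indicators(msg):
    """List attachments and links carried by the message."""
    found = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():
            found.append("attachment:" + part.get_filename())
        elif part.get_content_maintype() == "text":
            found += ["link:" + u for u in URL_RE.findall(part.get_content())]
    return found

def triage(raw):
    """Return indicators if an auto-reply carries a file or link, else []."""
    msg = message_from_bytes(raw, policy=policy.default)
    return payload_indicators(msg) if is_auto_reply(msg) else []

def sample(auto, body, attach=None):
    """Build a constructed test message (not real traffic)."""
    m = EmailMessage()
    m["From"], m["To"] = "partner@example.test", "user@example.test"
    m["Subject"] = "Re: request"
    if auto:
        m["Auto-Submitted"] = "auto-replied"
    m.set_content(body)
    if attach:
        m.add_attachment(b"PK\x03\x04", maintype="application",
                         subtype="zip", filename=attach)
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(sample(True, "I am away, see the attached file.", "scan.zip")))
    print(triage(sample(True, "I am out of office until Monday.")))
    print(triage(sample(False, "Docs: https://example.test/doc")))
```

A plain out-of-office notice returns an empty list, so only auto-replies that deliver a file or link are surfaced for quarantine or review.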

Preventive Measures to Mitigate the Risk
To combat this growing threat, cybersecurity experts strongly recommend regular training sessions for employees, emphasizing the importance of awareness and vigilance in handling suspicious emails. In addition, adopting security practices like strong passwords and multifactor authentication (MFA) can greatly reduce the risk of compromised accounts.

Ethical hacker Marwan Hachem has also suggested using different communication devices for sensitive data, which can help isolate malicious software and prevent hackers from gaining access to a user’s primary system.

XMRig: A Tool Misused by Hackers
XMRig, the software at the centre of this attack, is an open-source application designed to mine Monero. Although legitimate, it has been increasingly exploited by hackers since 2020. In previous instances, malware such as “Lucifer” and “FritzFrog” targeted vulnerable systems to secretly install XMRig miners, allowing attackers to profit from covert mining operations.
Companies must remain vigilant to prevent these sophisticated attacks from infiltrating their systems, which can lead to financial losses and security breaches.