google-site-verification: google30a059f9a075f398.html

ISPs Caught Injecting Cryptocurrency Miners and Spyware In Some Countries

CyberWisdom Safe Harbor Commentary:

This story from encourages a revealing story on the Turkish and Syrian governments have been hijacked by local Internet users, secretly infiltrating malware monitoring, and the same large-scale interception technology has been discovered, secretly injecting browser-based cryptocurrency mining scripts in Egyptian user traffic.

The government or related agencies and Internet service providers in these three countries are using deep packet inspection technology from Sandvine (which was merged with Procera Networks last year) to intercept and change Internet users’ network traffic.
Deep Packet Inspection technology allows ISPs to prioritize, downgrade, block, inject and record various types of Internet traffic. In other words, they can analyze each packet to see what you are doing online.

According to a new report from Citizen Labs, the Turkish telecommunications network uses Sandvine PacketLogic devices to redirect hundreds of target users (reporters, lawyers and human rights defenders) to malicious versions of legitimate programs bundled with FinFisher and StrongPity spyware. At that time they tried to download from official sources.

Monitoring spyware

“This redirection is possible because of the official website of these programs, although they may support HTTPS, but by default users point to non-HTTPS downloads,” the report writes.
A similar activity was also discovered in Syria, where Internet users were quietly redirected to malicious versions of popular applications, including Avast Antivirus, CCleaner, Opera, and 7-Zip applications bundled with government spyware. program.
In Turkey, Sandvine PacketLogic equipment was used to block websites like Wikipedia, the Netherlands Broadcasting Foundation (NOS) and the PKK website.
ISP Injects Password Mining Script into User’s Web Browser
Sandvine – PacketLogic Devices
However, in Egypt, Sandvine PacketLogic equipment is being used by telecom operators to make money by:

To mine Mundell’s cryptocurrency, secretly inject a cryptocurrency mining script into every HTTP page the user visits.

Redirect Egyptian users to webpages through affiliate ads.

In Egypt, these devices were also used to stop human rights, political and news media such as Al Jazeera, HuffPost Arabic, Reporters Without Borders and Mada Masr, and non-governmental organizations such as Human Rights Watch.

The Citizen Lab’s researchers reported their findings to Sandvine, but the company called their reports “false, misleading, and wrong” and asked them to return the second-hand PacketLogic devices they used to confirm their fingerprints.
In September last year, ESET researchers released a report. The Citizens Laboratory started the survey last September. The report shows that it has been reported that several popular downloads have been made at the ISP level in two (unnamed) countries. App to distribute FinFisher spyware.

Read More…

Governments in Turkey and Syria have been caught hijacking local internet users’ connections to secretly inject surveillance malware, while the same mass interception technology has been found secretly injecting browser-based cryptocurrency mining scripts into users’ web traffic in Egypt. Governments, or agencies linked to it, and ISPs in the three countries are using Deep Packet Inspection Engaging post, Read More…

thumbnail courtesy of

If you like to receive more of these curated safe harbor news alerts then subscribe to my mailing list. and come back soon at to read further CyberWisdom Safe Harbor Commentaries. Home » Curated SafeHarboronCyber’s CyberWisdom Post » ISPs Caught Injecting Cryptocurrency Miners and Spyware In Some Countries