ETHERLive delivers real-time price and volume data across 16+ exchanges to users in a clear and easy-to-understand package. Users can get up-to-the-second updates for each exchange/currency pair, as well as aggregated market averages for each exchange, currency, and the market as a whole. It also provides a global converted average of all the currency pairs monitored by ETHNews, converted to USD.


24hr ---

The Basics

Learn the basics of Ethereum and various cryptocurrency technologies

Learn More

What is Ethereum?

Understand the underlying principles of the Ethereum Platform

Learn More

The Blockchain

Discover the revolutionizing technology known as the blockchain

Learn More

Press Release

Submit a press release for consideration on ETHNews

Submit Press

Story / Dapp

Submit a story or DAPP to be considered for publication on ETHNews.

Submit Story


Submit "Ethereum Explainer" content for consideration to be featured on ETHNews

Submit Topic
ETHNews Logo
Ether Price Analysis
Contact Us

Citizen Lab Investigation: Malware Used To Covertly Mine Cryptocurrency In Egypt




A bombshell investigation by the University of Toronto’s Citizen Lab reveals startling evidence that sophisticated malware developed by a Canadian software firm was disseminated through a prominent Egyptian telecom company, infecting user devices with cryptocurrency mining scripts.

A detailed investigative report published today by Citizen Lab at the University of Toronto's Munk School of Global Affairs describes what might be the new standard in a long line of malicious cryptocurrency mining schemes.

The report summarizes how "middlebox" technology – created by the Canada-based Sandvine Corporation – was used to "deliver nation-state malware in Turkey and indirectly into Syria, and to covertly raise money through affiliate ads and cryptocurrency mining in Egypt."

Middleboxes are a type of software tool used to conduct what is known as deep packet inspection (DPI), which is a way to thoroughly scrutinize internet data. Sandvine calls its DPI product PacketLogic.    

Citizen Lab used a technique known as internet scanning to track middlebox activity on Türk Telekom, Turkey's formerly state-run telecommunications company (which has since been privatized), and create a digital profile of that activity. That profile, essentially a digital fingerprint, was compared against that of Egypt's primary telecom company, Telecom Egypt.  

When Telecom Egypt's profile was found to be similar to Turkey's, Citizen Lab created a control group to verify its suspicions. The report states, "We developed a fingerprint for the injection we found in Turkey, Syria, and Egypt and matched our fingerprint to a second-hand PacketLogic device that we procured and measured in a lab setting."

"On a number of occasions, the middleboxes were apparently being used to hijack Egyptian Internet users' unencrypted web connections en masse, and redirect the users to revenue-generating content such as affiliate ads and browser cryptocurrency mining scripts."

Citizen Lab concluded, "DPI equipment that matches our Sandvine PacketLogic fingerprint is installed on Telecom Egypt's network at Egypt's borders, and is used to deliver affiliate ads, cryptocurrency mining scripts, and perhaps nation-state spyware, to Egyptian Internet users."

Jordan Daniell

Jordan Daniell has a passion for techno-social developments and cultural evolution. In his spare time, he enjoys astronomy, playing the bagpipes, and exploring southern California on foot. Jordan holds value in Ether.

ETHNews is committed to its Editorial Policy

Like what you read? Follow us on Twitter @ETHNews_ to receive the latest , or other Ethereum technology news.