A new report from The Citizen Lab at the University of Toronto detailed the results of a recent investigation into “nation-state malware” in Egypt and Turkey. Investigators reportedly found evidence that both nations’ governments have been using malware to redirect their citizens’ internet connections. The Egyptian government scheme apparently redirected users’ computers to mine Monero:
“On a number of occasions, the middleboxes were apparently being used to hijack Egyptian internet users’ unencrypted web connections en masse, and redirect the users to revenue-generating content such as affiliate ads and browser cryptocurrency mining scripts.”
The Citizen Lab’s research included a scan of about 5,700 Egyptian IP addresses. Researchers discovered that roughly 95% of those addresses had experienced redirection to ad content. According to the report, the middlebox used for this revenue-generating scheme, which The Citizen Lab has dubbed “AdHose,” is also being used by the government to censor various websites throughout Egypt.
The Citizen Lab report suggests that the middleboxes used in both Turkey and Egypt have characteristics matching Sandvine PacketLogic devices. Sandvine has reportedly denied that its products possess the capabilities described in the report.