Internet users in Turkey and Syria who downloaded Windows applications such as Avast Antivirus, CCleaner, Opera, or 7-Zip were unknowingly redirected to malicious versions bundled with malware, the University of Toronto’s Citizen Lab claimed in a study published Friday.
The report – which calls this scheme “AdHose” – explained:
“We found that a series of middleboxes on Türk Telekom’s network were being used to redirect hundreds of users attempting to download certain legitimate programs to versions of those programs bundled with spyware…. We found similar middleboxes at a Telecom Egypt demarcation point. The middleboxes were being used to redirect users across dozens of ISPs to affiliate ads and browser cryptocurrency mining scripts.”
Telecom Egypt is a major state-owned telecommunications company, and the middleboxes in question include Sandvine PacketLogic devices, which have been associated with government surveillance in Turkey and Syria. The researchers’ regional network sweep in January found 5,700 devices affected by AdHose…