Citizen Labs unveiled a plan called 'AdHose', in which Egyptian government or government-affiliated telecommunications companies redirect Internet users to sites that infect malicious software that exploited Monero's cryptocurrency without the user’s knowledge. Says: 'In many cases, the middlebox is apparently used to massively hijack the unencrypted network connections of Egyptian Internet users and redirect users to revenue-generating content such as affiliate advertising and browser cryptocurrency mining scripts.
Researchers scanned 5,700 Egyptian user computers in January this year and found that 95% of computers had been implanted with AdHose malware.
Researchers say it is rare to use people’s computers to obtain cryptocurrencies in such large areas.