Turkish ISPs have deployed special hardware to intercept Internet traffic and inject cryptocurrency mining scripts
Türk Telekom, a Turkish Internet service provider, has deployed special hardware to intercept Internet traffic and replace software that users download with a version containing spyware.
A Citizen Lab report states that Türk Telekom deployed Sandvine PacketLogic middleboxes in five regions of the country. These devices sit in the traffic path, so they let the ISP snoop on unencrypted traffic and even change its content by injecting code.
According to reports, devices deployed on this ISP network have been used to spread malware.
The researchers discovered that the middleboxes tampered with software that users were trying to download from official websites, delivering a version that contained FinFisher spyware. The researchers then discovered that the malware being delivered had changed from FinFisher to another piece of malware named StrongPity.