Five South Korean citizens have reportedly been arrested for allegedly installing crypto mining malware on over 6,000 computers.

Local authorities and the Korean National Police Agency Cyber Bureau released an official statement in which they noted that the five men had sent 32,435 emails – which contained the mining malware programs for desktop users.

The police investigation also revealed that the hackers were led by 24-year-old South Korean citizen Kim Amu-gae. In order to install the mining malware, the hackers reportedly posed as employers while sending thousands of emails to job applicants.

The victims’ email addresses were obtained from lists of job applicants who had applied to large technology firms in South Korea. Police officials said the hackers found the lists on various local recruitment websites and online job forums.

Anti-Virus Programs Remove Mining Malware

South Korean authorities suspect that the accused sent emails which contained crypto mining malware, however, it was disguised as documents that the job applicants were told to review. After the users downloaded the attachments, the malicious mining scripts started running on their PCs.

Most of the targeted users had installed the latest anti-virus software on their computers, so the mining malware was automatically deleted from their hard drives within a few days.

Commenting on the successful efforts of internet security firms and anti-virus solution providers, local police said:

Because cyber security firms and anti-virus software operators responded quickly to the distribution of mining malware, the group of hackers were not able to generate a significant revenue from their operation. In most cases, anti-virus software detected the malware within three to seven days. If the malware was detected, the hackers sent new malware, but it was detected again by anti-virus software.

South Korean Police

Only Able To Generate $1,000 From Large-Scale Malware Attack

Notably, the cybercriminals only made about $1,000 from a large-scale malware attack that they appeared to have been planned quite carefully. Although the malicious mining scripts were downloaded by thousands of unsuspecting users, the malware was unable to do any significant damage as most users had secured their PCs with advanced anti-virus software.

Officials investigating the incident noted:

Crypto jacking significantly reduces the performance of computers and if exposed to institutions, it could have a serious effect on the society. PC users must have secure anti-virus software in place and update browsers frequently. Also, if the performance of a computer suddenly drops, users will have to suspect the presence of mining malware.

South Korean Police

In most cases, malware containing mining scripts tries to mine privacy-oriented Monero (XMR). However, due to the increasing availability of high-end GPUs and more powerful mining hardware for PCs, it has now become more difficult for regular desktop computers to mine XMR.