If proven true, Sandvine\u2019s new \u201crevenue-generation\u201d formula is downright unethical. Since last year, over 5,000 websites including Amazon and Australian government websites have fallen victim to a malware that uses unwitting users\u2019 computers to mine Monero (XMR) for attackers. Back then, the Coinhive malware slipped in these websites through a usability plugin called BrowseAloud. And it looks like cyberthieves are deploying the same malware to mine the same coin, but this time a suspect has been pinpointed. A report by researchers at the Citizen Lab titled, \u201cBAD TRAFFIC\u201d alleges that government-owned company Telecom Egypt had a hand in it, with implications of involvement by network intelligence provider Procera, and its newly acquired corporation Sandvine. Apart from infecting users with Monero-mining CoinHive malware, users are also being wrongly redirected to revenue-generating ads and content\u2014which is one of Sandvine\/Provera\u2019s major business offerings. The Sandvine\/Procera partnership focuses on traffic management, analytics, and revenue generation, among other things. The report says that Sandvine devices are being used to infect users with the malware and to generate revenue through redirects not only in Egypt but also in Turkey and Syria, adding that this \u201craises significant human rights concerns.\u201d According to the report, the researchers found deep packet inspection (DPI) middleboxes on Egyptian government-owned Telecom Egypt which were similar to those found on T\u00fcrk Telekom, and \u201cwere being used to hijack Egyptian Internet users\u2019 unencrypted web connections en masse, and redirect the users to revenue-generating content such as affiliate ads and browser cryptocurrency mining scripts.\u201d In a message to CoinDesk, Sandvine denies the allegations, and says that the company has launched an investigation on the allegations. "Based on a preliminary review of the report, certain Citizen Lab allegations are technically inaccurate and intentionally misleading....We have never had, directly or indirectly, any commercial or technology relationship with any known malware vendors, and our products do not and cannot inject malicious software. While our products include a redirection feature, HTTP redirection is a commodity-like technology that is commonly included in many types of technology products." This isn\u2019t the first time the Egyptian government has been accused of manipulation. In 2016, a report alleged that there were anomalies in networks in Egypt, pointing to censorship and malware injection, as well as interference of secure networks (HTTPS) while enabling connections to unsecured networks (HTTP).