200,000 MikroTik Routers hijacked for cryptocurrency mining


Brazil has been hit by a well-designed cryptocurrency-mining attack that has infected hundreds of thousands of routers across the country. The attack is still in progress and mainly affects MikroTik routers. In this case, more than 200,000 machines were affected, creating a vast XMR cryptocurrency mining botnet across Brazil.


The perpetrator can infect the device with malicious code and secretly run CoinHive in the background. For those unfamiliar, CoinHive is a popular Monero mining script that has been widely used to mine cryptocurrency, often for philanthropy, but unfortunately not this time. This type of attack is known as a zero-day attack, exploiting previously unknown code vulnerabilities. This zero-day allows CoinHive to run on every page accessed by the exposed machine. There may be millions of websites loading this cryptocurrency-mining workload every day.

According to Trustwave, “Initial investigation indicates that instead of running a malicious executable on the router itself, which is how the exploit was being used when it was first discovered, the attacker used the device’s functionality in order to inject the CoinHive script into every web page that a user visited.”

The attack began earlier this week and is believed to be in its early stages. BleepingComputer reported that a second attack was launched, bringing the total number of affected machines to more than 200,000.

Network administrators should therefore pay particular attention to any MikroTik routers used in their networks and check promptly whether each router has the system patch installed. This is not the first time that MikroTik routers have become a target of malware. In March of this year, there was also a cybersecurity incident in which hackers spread and installed spyware on users’ computers through vulnerabilities in the router.
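One way to check whether a page fetched from behind a router carries the kind of injected CoinHive script described in the Trustwave quote above. This is an added example, not code from the original article or from Trustwave; the hostnames and the `CoinHive.Anonymous`/`User`/`Token` call pattern are assumptions based on CoinHive's public embed snippet, and the sample HTML and site key are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: indicators come from CoinHive's public embed snippet, not from the article.
MINER_HOSTS = {"coinhive.com", "coin-hive.com"}
INLINE_RE = re.compile(r"CoinHive\.(?:Anonymous|User|Token)\(\s*['\"]([^'\"]+)['\"]")


class MinerScriptFinder(HTMLParser):
    """Collects external miner script loads and inline miner constructor calls."""
    def __init__(self):
        super().__init__()
        self.findings = []       # list of (kind, value) tuples
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self._in_script = True
        src = dict(attrs).get("src") or ""
        host = (urlparse(src).hostname or "").lower()   # also handles "//host/path"
        if any(host == h or host.endswith("." + h) for h in MINER_HOSTS):
            self.findings.append(("src", src))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            # The site key identifies the mining account, useful for grouping incidents.
            for key in INLINE_RE.findall(data):
                self.findings.append(("site_key", key))


def find_miner(html):
    finder = MinerScriptFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample: a page as a client behind an affected router might receive it.
SAMPLE = """<html><head><title>News</title>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous('CONSTRUCTED_SITE_KEY'); m.start();</script>
</head><body><p>Hello</p></body></html>"""
CLEAN = "<html><body><script src='/static/app.js'></script></body></html>"
```

Fetching the same plain-HTTP page from inside and outside the network and running `find_miner` on both bodies shows whether the script is being added in transit rather than by the site itself.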