200K MikroTik Routers Hijacked and Turned Into Crypto-Mining ZombiesAug 5, 2018, 7:28AM
The infamous Coinhive miner has been abused once again, this time by a cryptojacker who targeted ISP-grade routers. Will this ever end?
A recent tweet from an independent malware investigator reports a "mass exploitation" of MikroTik routers for the purpose of cryptocurrency mining. The attacker hijacked the routers, then injected the code for the Coinhive miner into web pages served by the routers in question.
Each [MikroTik] device serves at least tens if not hundreds of users daily [...] the attacker wisely thought that instead of infecting small sites with few visitors, or finding sophisticated ways to run malware on end user computers, they would go straight to the source; carrier-grade router devices. / Simon Kenin
The attack that began in Brazil but has since spread worldwide has affected an estimated 175,000 devices, including people who do not use MikroTik routers, as ISPs have been using the compromised routers.
Previously, the Coinhive team has not taken any action beyond terminating the address used in an attack, meaning that the attacker can simply use another. In fact, a second Coinhive address has already been introduced to attack MikroTik routers, bringing the number of compromised devices up to 200,000.
It’s not clear if this is the same attacker or a copycat, but it seems unlikely that this type of attack will end any time soon. Coinhive mines Monero, which has built-in anonymity and privacy, making it more difficult to trace than Bitcoin and the source of the attacks are rarely found.
Disclaimer: information contained herein is provided without considering your personal circumstances, therefore should not be construed as financial advice, investment recommendation or an offer of, or solicitation for, any transactions in cryptocurrencies.