Mikrotik Routers Infected with Cryptocurrency Malware

Karan Balwani

August 7, 2018 2:47 pm


A significant number of internet users in Brazil were recently infected by malware that was used to gain unauthorized access and carry out cryptocurrency mining.

Cryptojacking has become an increasingly popular way for cybercriminals to mine cryptocurrencies. CBS’s Showtime recently employed such mining through its website.

The devices targeted in this hack were Mikrotik routers. Although the company patched the software vulnerability in April 2018, users who did not update their router’s software fell victim to this attack.

A group of security researchers reverse-engineered Mikrotik's patch and published a proof-of-concept exploit to showcase how the process can be used to gain access to Mikrotik devices. Malicious actors misused this information to infect these routers with CoinHive, the browser-based crypto-mining tool.

Whenever a user tries to access the internet through an infected router, they are faced with an HTTP error. CoinHive’s JavaScript is injected into the web pages and is then employed to mine Monero on the user’s computer.
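To check whether a response served through a router carries the injected miner, a defender can scan the returned HTML for CoinHive script references. The sketch below is an added example, not code from the article or from Mikrotik; the script hosts, the `CoinHive.Anonymous`/`CoinHive.User` constructor names, and the sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed indicators (not from the article): CoinHive's public script hosts
# and the constructor names of its JavaScript API.
MINER_HOSTS = {"coinhive.com", "coin-hive.com"}
MINER_CALL = re.compile(r"CoinHive\.(?:Anonymous|User)\(\s*['\"]([^'\"]+)['\"]")

class _ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies."""
    def __init__(self):
        super().__init__()
        self.srcs, self.inline, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            src = dict(attrs).get("src")
            if src:
                self.srcs.append(src)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:  # ignore visible text that merely mentions the name
            self.inline.append(data)

def find_coinhive(html):
    """Return (kind, value) findings for miner scripts in an HTML body."""
    parser = _ScriptCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for src in parser.srcs:
        host = (urlparse(src).hostname or "").lower()
        if any(host == h or host.endswith("." + h) for h in MINER_HOSTS):
            findings.append(("script-src", src))
    for key in MINER_CALL.findall("".join(parser.inline)):
        findings.append(("site-key", key))  # key identifies the miner's account
    return findings

# Constructed samples: an error page with an injected miner, and a clean page.
INJECTED = """<html><body><h1>HTTP error</h1>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous('EXAMPLE-SITE-KEY'); m.start();</script>
</body></html>"""
CLEAN = '<html><script src="/static/app.js"></script><p>coinhive news</p></html>'

if __name__ == "__main__":
    print(find_coinhive(INJECTED), find_coinhive(CLEAN))
```

Run against pages fetched from behind the router and from a known-clean connection, a finding that appears only behind the router points at the router rather than the site.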

There have been at least 3 cryptojacking attacks that exploited this router vulnerability. The first wave of attacks affected over 183,700 Mikrotik routers.

Cryptojacking is quickly emerging as a global threat to users. In fact, it has grown to a point where even Linux users are under threat.

Mikrotik has advised its users to update their router software and update any existing passwords to safeguard their privacy.
