Cryptocurrency malware infects over 200,000 Mikrotik routers

A "cryptojacking" campaign involved over 200,000 routers produced by Mikrotik, the Latvian networking company.


An exploited one-month-old vulnerability

Security researchers recently mapped a series of cryptojacking attacks that initially targeted large numbers of users in Brazil, building a growing mining botnet by infecting devices with malware.

According to reports, the devices targeted were Mikrotik routers running outdated, unpatched software.

In April 2018, the company patched a remote access vulnerability that allowed hackers to remotely obtain unauthenticated administrative access to Mikrotik routers.

Some security researchers who decoded the Mikrotik patch then published a proof-of-concept exploit that explains how to use the recovered vulnerability to access Mikrotik devices.

This information was used to infect routers with code that loads the browser-based CoinHive mining software.

This happens whenever users who access the Internet through the routers encounter an HTTP error while navigating through the Mikrotik proxy.

Coinhive's JavaScript is injected into web pages that users access through a compromised router. Users then mine Monero for the attackers without any knowledge of it.
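As an added defensive example (not part of the original article), the check below scans a fetched page for an injected Coinhive loader, which is what a user behind a compromised router would be served. The coinhive.com host and the CoinHive.Anonymous / CoinHive.User constructor names are assumptions not stated in the article, and the sample pages and site key are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the Coinhive loader was served from coinhive.com and exposed a
# global named "CoinHive"; neither indicator is given in the article itself.
MINER_HOSTS = {"coinhive.com"}
MINER_INLINE_MARKERS = ("CoinHive.Anonymous", "CoinHive.User")

class MinerScriptFinder(HTMLParser):
    """Collects <script> elements that load or start a Coinhive miner."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self._in_script = True
        src = dict(attrs).get("src") or ""
        # Compare the parsed hostname, not a substring, so that
        # "notcoinhive.com" or a path containing the name does not match.
        host = (urlparse(src).hostname or "").lower()
        if any(host == h or host.endswith("." + h) for h in MINER_HOSTS):
            self.findings.append(("external", src))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Only inspect text inside <script>, never visible page text.
        if self._in_script:
            self.findings += [("inline", m) for m in MINER_INLINE_MARKERS if m in data]

def find_miner_scripts(html):
    """Return a list of (kind, detail) tuples; empty means nothing found."""
    finder = MinerScriptFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed samples: a proxy error page with an injected loader, and a clean one.
INJECTED_ERROR_PAGE = """<html><head><title>Error 403</title>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous("EXAMPLE-SITE-KEY"); m.start();</script>
</head><body>Access denied by proxy.</body></html>"""
CLEAN_ERROR_PAGE = "<html><body><h1>Error 403</h1><p>coinhive is a miner.</p></body></html>"
```

Running the same check on a page fetched through the router and on a copy fetched over a trusted connection shows whether the script was added in transit.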

A cryptojacking threat that is global

There have been at least three cryptojacking attacks from this vulnerability that have been noted by researchers so far. The first was recorded in Brazil and reportedly hit more than 183,700 MikroTik routers.

Two other attacks involving respectively 16,000 and 25,000 MikroTik routers mainly in Moldova were registered by another security researcher.

This indicates that the campaign is not limited to a specific geographic region, which has worried analysts and researchers as part of a general growing trend.

Cryptojacking cases have exploded over the past two years and are emerging as one of the leading cybersecurity threats worldwide, with cases also increasing for traditionally more secure operating systems such as Linux.

As always in cybersecurity, users are advised to be vigilant, especially when they access public networks. Analysts in the cybersecurity space have also been very clear: if you have a Mikrotik device, immediately apply the patch and update all passwords.
