Researchers have found thousands of MikroTik network routers in Brazil serving CoinHive code that mines cryptocurrency.
Trustwave researcher Simon Kenin said this week that one or more attackers exploited a known vulnerability in MikroTik's corporate routers to inject error pages carrying code that used visitors' machines to mine digital dosh for the villains.
Kenin says the attackers ran an exploit script to gain admin access on the targeted routers, then installed a custom page that is shown whenever an error occurs. Inside that page is the actual code, which uses any spare computing power on the browsing computer to mine cryptocurrency and then sends it to an address controlled by the attacker.
The exploit itself is not exactly new, and it's hard to blame the vendor in this case. The targeted vulnerability was patched by MikroTik in April, a few days after the first report. Unfortunately, administrators have been slow to patch the bug on their devices.
"To MikroTik's credit, they corrected the vulnerability within a day of its discovery, but unfortunately there are still hundreds of thousands of devices without patches (and therefore vulnerable) out there, and tens of thousands of them are in Brazil alone," noted Kenin.
So far, Kenin said, the attacks are geographically limited to systems in Brazil, although they appear to be spreading elsewhere. Kenin also found that even servers connected to the router end up with the code injected into other web pages.
"This means that it also affects users who are not connected directly to the infected router's network, but also users who visit websites behind these infected routers," said Kenin.
"In other words, the attack works
This is a problem because MikroTik routers are used by a number of large companies, including ISPs.
"I would like to stress how serious this attack is. The attacker wisely thought that instead of infecting small sites with few visitors or finding sophisticated ways to run malware on end users' computers, they would go straight to the source: carrier-grade router devices," said Kenin.
"There are hundreds of thousands of devices worldwide, in use by ISPs and various organizations and companies, each device serving at least tens if not hundreds of users per day."
Kenin advises anyone using a MikroTik device to update their firmware as soon as possible to ensure that their systems are protected against the exploits used to install the mining code.