Nearly half a million MikroTik routers infected by Crypto Mining Malware to Mine Monero (XMR)

The cryptojacking epidemic continues this week with the news that 415,000 routers have been infected with cryptomining malware. The targeted routers were quietly diverted to mine cryptocurrency without warning users.

The attack was identified by security researcher VriesHD and the Bad Packets Report team, who have reported on the problem since August 2018.

Hackers are specifically targeting vulnerable MikroTik routers. The company recently released a patch to fix a known security exploit. Customers and ISPs can fix the exploits within minutes. Unfortunately, hundreds of thousands of routers all over the world remain vulnerable. Many users are unaware that their routers have been compromised. Many ISPs are unaware or indifferent.

When attackers take control of the router using an exploit, they immediately install cryptomining software and then start using your internet connection to mine cryptocurrency.

The series of attacks began in August 2018, when researchers noticed for the first time that MikroTik routers were targeted. At that point, 200,000 routers infected by crypto-mining malware were discovered.

In recent months the number of infected devices has doubled. At the latest count, there were 415,000 infected routers all over the world. Although there are infected devices on all continents, most of the infected routers are located in Brazil. Other significant concentrations can be found in Southeast Asia and Eastern Europe.

Attackers use three different security exploits to target vulnerable routers

This latest "cryptojacking" attack involves the use of three different security exploits, although further exploits could be identified in the future. As confirmed in a VriesHD tweet at the start of this week,

"Only three different ways to abuse vulnerable Mikrotik routers to try to extract cryptocurrencies Total combined 415 thousand results Many other active modes."

VriesHD later urged ISPs to take an active position against the problem and reconnect vulnerable routers before releasing them to customers. If ISPs continue to release vulnerable routers to unsuspecting customers, it seems likely that these attacks will continue.

Attackers use a mix of cryptocurrency mining software

Cryptojacking has been a problem for years. Since 2017, however, attacks have increased worldwide. Initially, the attackers preferred the popular CoinHive mining software, which mined Monero (XMR). Since then, however, hackers have moved to other mining software, including Omine and CoinImp, although CoinHive is still very popular.

We did not find more details about Omine available online. CoinImp, however, is a popular 0% JavaScript mining system available online at CoinImp.com. We have reviewed the software ourselves at the start of this year.

The problem with cryptojacking attacks is that some people use cryptocurrency mining software for legitimate reasons. Some website owners install mining software as an alternative to traditional advertising systems, for example. This makes it difficult to distinguish malicious mining traffic from legitimate mining traffic.

Download the latest router firmware update to protect yourself

If you have a MikroTik router, you may be vulnerable to the latest cryptojacking attack. If you have not updated your router's firmware in the last few months, you should assume that your router is vulnerable.

Downloading the latest router firmware update is never a bad idea. Fortunately for MikroTik router owners, this is the only necessary step to solve the router firmware problem. Download and install the latest firmware update for your device to patch the security exploits.

Internet service providers can also take a proactive stance to defend their users from cryptojacking attacks. ISPs are the largest distributors of routers and many customers have no idea how to upgrade their routers. ISPs can take a proactive stance by updating routers with the latest firmware before delivering them to customers' homes.

The patch for this specific cryptojacking exploit has been online for months. With a simple patch, ISPs can remove thousands of infected devices from the list. Unfortunately, some ISPs are unwilling to prevent the attack, or ignore the exploits.

We recommend that you download the latest version of RouterOS for your MikroTik router from the official website here: https://mikrotik.com/download.
