415,000 MikroTik Routers Infected with Cryptojacking Malware

The cryptojacking malware was first discovered in August, and the number of affected routers has more than doubled since then

Researchers have discovered that over 415,000 routers across the globe have been infected with cryptojacking malware that allows hackers to secretly mine cryptocurrency by stealing the computing power of computers connected to the routers.

The cryptojacking malware was first discovered in August, and the number of affected routers has more than doubled since then. In August it was reported that around 200,000 routers were affected.

The attack affects MikroTik routers in particular. Initially, most of the compromised routers were concentrated in Brazil. However, according to the reports, the infection has since spread worldwide, including to routers in North America, South America, Africa, Europe, the Middle East, and Asia.

Hackers were able to inject the Coinhive script into every webpage that a user visits by exploiting a security flaw in older versions of the router’s firmware.

MikroTik released a patch within a day of discovery, and MikroTik customers are strongly advised to install the latest firmware immediately in order to protect their devices.

Manish Kumawat, director at Cryptus Cyber Security Pvt Ltd, said: "It was found that the malware origin compromised routers were located in Brazil. After that, with the spreading of this malware threat, it is observed that routers in Africa, North America, South America, Europe, the Middle East and Asia have also been infected. MikroTik routers have a great market area, and many internet service providers and organizations use them. The spread of router infection to such a great extent shows that many organizations had not installed the latest firmware of the router.

"The hackers have exploited the security flaw in the older version of the router’s firmware. Through use of the exploit, the hacker was able to inject the Coinhive script onto every web page that a user visits.

"In spite of all this, the great thing is that a patch was made immediately within a day of discovery to save the affected routers from the cryptojacking malware. All security experts recommend that MikroTik users must update their routers with the latest firmware to stay safe from malware.

"The main point of relief with the cryptojacking attack was that it doesn’t compromise any personal information or transmit any on the network. A cryptojacking attack is mainly used by hackers to use computing power and resources for mining of cryptocurrency."

Ankush Johar, director at Infosec Ventures, added: "Even though the patch has been released, it won’t be of much help because most standard users never care to update their routers even if they know how to. Router companies are slowly shifting to auto-updating frameworks, but that is a meta shift which won't happen so quickly, and till then, router exploits will be as deadly as any other hardware-based exploit, as the majority of the users will stay vulnerable for years to come.

"Once a router gets hacked/exploited, cryptojacking is just one possible attack scenario. In real life, an attacker gets a much wider access and can literally steal all information of the users and the websites they are browsing.

"Users are advised to update their router by logging into the admin panel of the router and clicking on firmware update or router update."
