Hackers use 200,000 insecure Brazilian routers to mine cryptocurrencies

The attack exploits a flaw that was previously patched

CoinHive is a tool that allows web browsers to mine for cryptocurrencies in the background

Hackers are using a network of vulnerable routers to spread crypto-mining malware to unsuspecting users, security researchers have discovered.

An unknown cyber criminal (or possibly a network of cyber criminals) is using a flaw in more than 170,000 routers manufactured by MikroTik to run scripts on the computers of unsuspecting victims which mine cryptocurrencies for the hacker, according to TrustWave researcher Simon Kenin.

The attack uses a previously-discovered flaw - which has since been patched by MikroTik - to inject a mining script from CoinHive into the browser of anyone connected to an infected router. Most of the affected devices are located in Brazil, but Kenin warned that the attack has been observed in other places as well.

Another researcher, Troy Mursch, also observed a similar case in Moldova involving more than 25,000 MikroTik routers running CoinHive scripts. It is currently unknown whether the two attacks are connected.

Advertisement
Advertisement - Article continues below

The security flaw that allows the routers to be exploited has now been addressed by MikroTik, but numerous devices remain unpatched. This is a big problem, Kenin explains, as MikroTik manufacture high-end equipment that is often used by ISPs, web companies and businesses.

"Let me emphasize how bad this attack is," he said. "The attacker wisely thought that instead of infecting small sites with few visitors, or finding sophisticated ways to run malware on end user computers, they would go straight to the source; carrier-grade router devices."

"There are hundreds of thousands of these devices around the globe, in use by ISPs and different organizations and businesses, each device serves at least tens if not hundreds of users daily."

Featured Resources

The essential guide to cloud-based backup and disaster recovery

Support business continuity by building a holistic emergency plan

Download now

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

How do vulnerabilities get into software?

90% of security incidents result from exploits against defects in software

Download now

Delivering the future of work - now

The CIO’s guide to building the unified digital workspace for today’s hybrid and multi-cloud strategies.

Download now
Advertisement

Recommended

Visit/malware/33080/hackers-abuse-linkedin-dms-to-plant-malware
malware

Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/antivirus/28144/best-antivirus
antivirus

Best antivirus for Windows 10

3 Sep 2019
Visit/security/malware/28083/the-five-best-free-malware-removal-tools
Security

Best free malware removal tools 2019

8 Mar 2019

Most Popular

Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/cloud/amazon-web-services-aws/354223/what-to-expect-from-aws-reinvent-2019
Amazon Web Services (AWS)

What to expect from AWS Re:Invent 2019

29 Nov 2019
Visit/hardware/354232/raspberry-pi-4-owners-complain-of-broken-wi-fi-when-using-hdmi
Hardware

Raspberry Pi 4 owners complain of broken Wi-Fi when using HDMI

29 Nov 2019
Visit/mobile/google-android/354189/samsung-galaxy-a90-5g-review-simply-the-best-value-5g-phone
Google Android

Samsung Galaxy A90 5G review: Simply the best value 5G phone

22 Nov 2019