200K MikroTik Routers Hijacked and Turned Into Crypto-Mining Zombies

Aug 05, 2018 02:22 PM By: Art Vasquez

The infamous Coinhive miner has been abused once again, this time by a cryptojacker who targeted ISP-grade routers. Will this ever end?

A recent tweet from an independent malware investigator reports a "mass exploitation" of MikroTik routers for cryptocurrency mining. The attacker hijacked the routers, then injected the Coinhive miner code into web pages visited through the routers in question.


Although Coinhive can be used legitimately, the fact that it runs as JavaScript and is easy to implement makes it a frequent tool of cryptojackers. This is not the first attack of this type, but it is one of the most successful. Typically, cryptojacking is performed by spreading viruses, bundling a miner with software, or hacking individual websites. This attack approached things differently.

Each [MikroTik] device serves at least tens if not hundreds of users daily [...] the attacker wisely thought that instead of infecting small sites with few visitors or finding sophisticated ways to run malware on end-user computers, they would go straight to the source; carrier-grade router devices. / Simon Kenin

The attack, which began in Brazil but has since spread worldwide, has affected an estimated 175,000 devices. Those affected include people who do not use MikroTik routers themselves, as ISPs have been using the compromised routers.

In the past, the Coinhive team has not taken any action beyond terminating the address used in an attack, meaning that the attacker can easily use another. In fact, a second Coinhive address has already been introduced to attack MikroTik routers, bringing the number of compromised devices up to 200,000.

It’s not clear if this is the same attacker or a copycat, but it seems unlikely that this type of attack will end any time soon. Coinhive mines Monero, which has built-in anonymity and privacy, making it more difficult to trace than Bitcoin, and the source of the attacks is rarely found.
