Over 170,000 routers manufactured by MikroTik, a Latvian company that develops wireless ISP systems, are reportedly being exploited by hackers to mine cryptocurrencies.
Simon Kenin, a security researcher at TrustWave, revealed an unidentified entity appears to be taking advantage of a design flaw in MikroTik’s routers to run malicious cryptocurrency mining scripts on the computers of unsuspecting users.
Maliciously Mining Monero
According to reports, most targeted computers belong to users in Brazil. Kenin pointed out, however, that similar attacks were taking place in other locations. Troy Mursch, another security professional, said that these types of attacks have become common in Moldova where over 25,000 MikroTik routers had been used to run Coinhive’s crypto mining scripts.
“Hundreds Of Thousands” Of Affected Routers
Currently, it isn’t clear whether there’s a connection between the attacks in Brazil and those observed in Moldova. MikroTik has attempted to fix the vulnerability, but a large number of devices remain affected.
Kenin noted these attacks are a serious issue because MikroTik’s high-end routers, as well as other hardware, is used by various businesses, large organizations, and ISPs. The security expert stressed the problem’s severity, saying:
Let me emphasize how bad this attack is. The attacker wisely thought that instead of infecting small sites with few visitors, or finding sophisticated ways to run malware on end user computers, they would go straight to the source; carrier-grade router devices.
He further explained that there are “hundreds of thousands” of affected routers throughout the world and that “each device serves at least tens if not hundreds of users daily." In February, CryptoGlobe reported that government websites had been infected with cryptocurrency mining malware, which included UK’s official National alth Service (NHS) website.
A month later, in March, the Egyptian government was found to be secretly mining cryptocurrencies by using its citizens’ computers. At the time users were being redirected to malicious websites that were mining Monero through Coinhive’s scripts.