The wave of so-called cryptojacking continues, with India the latest focus of reports of mass infections of commercial router software, used to secretly mine the privacy-centric Monero (XMR) cryptocurrency.
Security analysts posted details saying that up to 30,000 devices in India are infected with CoinHive software, a freely available mass-mining script. Cryptojacking is the unauthorized use of a computer to mine cryptocurrency. The practice has boomed in 2018 and been described as rampant, although ZDNet recently speculated that the trend may be in decline.
Alarmingly, the Latvian-manufactured MikroTik brand routers being exploited for the clandestine mining are being distributed by huge telecoms companies in India, which seem unaware of the problem. The top three ISPs serving infected devices are Honesty Net Solution, Elxire Data Services, and Gigantic Infotel Pvt., according to Banbreach, a cybersecurity research group. Delhi, India’s capital, is the worst-hit city in the country.
"A search by ASN shows almost all major ISPs are impacted. @hathwaybrdband, @BSNLCorporate and Reliance Communications (@RelianceMobile) appear in the top 10. @VodafoneIN and @airtelindia appear to have ~200 infected routers each." — Banbreach (@Banbreach), October 5, 2018
MikroTik routers have recently become notorious for their security vulnerabilities. As CryptoGlobe reported in August, nearly 200,000 infected MikroTik routers all around the world were redirecting users’ traffic to secretly mine XMR.
Worse, 370,000 of the devices around the world were still unpatched and vulnerable as of September 5.
All Eyes on Monero
Volunteers from the Monero community, in response to the widespread usage of its privacy-focused cryptocurrency in such illicit activity, recently announced the creation of the Monero Malware WorkGroup, aiming to provide tools and assistance for protecting users against security threats, as reported last month by CryptoGlobe.
The XMR currency itself is a subject of controversy because of its anonymity features. Japanese regulators earlier this year were pushing to get Monero and other privacy coins off exchanges, citing their potential usage in money laundering. A September article in the Wall Street Journal repeatedly underlined XMR’s use in money laundering and other illicit financial activity.