Hidden Monero mining has hit more than 200,000 MikroTik routers around the world

A few months after security updates for MikroTik routers were released, hundreds of thousands of device users who have not installed the update have become unwitting miners of the anonymous cryptocurrency Monero.


The security bug in MikroTik routers, known as CVE-2018-14847, is being used to install the Coinhive mining script, which mines Monero. According to cybersecurity experts at SpiderLabs, tens of thousands of vulnerable routers in Brazil that have not installed the patch remain exposed to attack, and more than 200,000 devices have not been updated. That number keeps growing as the infection spreads around the world.

The weakness in MikroTik routers allows an attacker to bypass authentication on the device and to read and modify any of the available files. The flaw was discovered in April of this year, and the router manufacturer issued a patch shortly thereafter.

Initially, when the first version of the Coinhive script was discovered, more than 175,000 routers in Brazil were affected. A new key of the same hidden-mining script still affects about 25,000 routers in Eastern Europe. It is unclear whether the same attacker is responsible for the new attack on the routers.

To reduce the chances of detection, the attacker has now configured the covert mining scripts to be installed and run on error web pages. Another method the attacker uses to hinder detection is a command that deletes data after the routers are compromised, minimizing the digital footprint.

Although this cryptojacking campaign is focused on Brazil, it is also spreading around the world and could compromise many other MikroTik routers. A significant number of MikroTik routers around the world are expected to remain unpatched, even four months after the update was released.

“There are hundreds of thousands of unpatched devices worldwide, each device maintains at least dozens, if not hundreds of users a day,” said Simon Kenin, a specialist in cybersecurity at SpiderLabs.

In July it became known that a Chinese mining virus had infected over a million computers, earning its creators more than $2 million in two years.

As a reminder, according to a study, on July 9, 2018, more than 30,000 sites worldwide were infected with mining scripts.
