According to a new report, around 415,000 routers throughout the world are infected with malware that can hijack the computing resources of the devices behind them and discreetly mine cryptocurrency. The campaign is active and primarily targets MikroTik routers.
Researchers claim that the cryptojacking attacks started in August and that the first wave infected about 200,000 devices. Since then, the number has doubled. It is worth noting that MikroTik routers are among the most widely used in the world, with many internet service providers and organizations relying on them. With so many infected devices, it is apparent that many MikroTik users have not installed the latest firmware update.
The threat continues to expand, although, because the campaign targets only MikroTik devices, the number of infected devices could have been even higher had it targeted other brands as well. Even so, the number of affected devices is high, The Next Web reported.
Researchers have also identified that the majority of the infected devices are located in Brazil. However, the scope of the infection is expanding quickly, with newly infected devices appearing almost everywhere in the world, including Europe, North America, South America, the Middle East, Asia, and Africa.
The main mining software used in this campaign is CoinHive, a browser-based miner for the privacy-oriented cryptocurrency Monero. However, researchers have discovered other mining software in the campaign as well.
Attackers are exploiting a directory traversal vulnerability in the WinBox interface of older versions of MikroTik RouterOS (through 6.42) to inject the Coinhive script into the web pages that users behind the router visit. The vulnerability allows unauthenticated remote attackers to read arbitrary files and authenticated remote attackers to write arbitrary files.
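Because the compromised routers inject the miner as a script tag into pages served to clients, a network defender can detect affected traffic by scanning HTTP response bodies for script references to the Coinhive hosts. The following Python is an added example written for this article, not code from the report or from MikroTik; the indicator hostnames, the sample pages and the script path are constructed for illustration and should be replaced with your own threat-intelligence feed.

```python
import re
from html.parser import HTMLParser

# Constructed indicator list (assumption): hostnames associated with the
# Coinhive miner named in the article. Subdomains of each host also match.
MINER_HOSTS = {"coinhive.com", "coin-hive.com"}


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        for name, value in attrs:
            if name.lower() == "src" and value:
                self.srcs.append(value)


def hostname_of(url):
    """Return the lower-cased host of an absolute or protocol-relative URL,
    or None for relative paths (which cannot point at an external miner host)."""
    m = re.match(r"^(?:https?:)?//([^/:?#]+)", url.strip())
    return m.group(1).lower() if m else None


def is_miner_host(host):
    if host is None:
        return False
    return any(host == h or host.endswith("." + h) for h in MINER_HOSTS)


def find_injected_miner_scripts(html):
    """Return the src values of script tags that load from a known miner host."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    return [src for src in collector.srcs if is_miner_host(hostname_of(src))]


def scan_responses(responses):
    """Map each captured response (name -> body) to its list of miner script hits."""
    return {name: find_injected_miner_scripts(body) for name, body in responses.items()}


# Constructed sample responses: one clean page and one with an injected miner tag.
CLEAN_PAGE = """<html><head><title>shop</title>
<script src="/static/app.js"></script></head><body>hello</body></html>"""

INJECTED_PAGE = """<html><head><title>shop</title>
<script src="/static/app.js"></script>
<script src="//coinhive.com/lib/coinhive.min.js"></script></head>
<body>hello</body></html>"""

SAMPLE_RESPONSES = {"clean": CLEAN_PAGE, "injected": INJECTED_PAGE}

if __name__ == "__main__":
    for name, hits in scan_responses(SAMPLE_RESPONSES).items():
        status = "MINER SCRIPT FOUND" if hits else "clean"
        print(f"{name}: {status} {hits if hits else ''}")
```

Run the scan over response bodies captured at a proxy or IDS sensor; a hit on a page whose origin does not normally reference the miner host is a strong sign that an in-path router is rewriting traffic, and the affected subnet's routers should be checked for the RouterOS version named above.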
Update your MikroTik routers to the latest firmware
Fortunately, MikroTik has already released a patch that protects vulnerable routers from the cryptojacking campaign. MikroTik router users are advised to immediately download and install the latest firmware from the company's official website to address the threat.