Hackers Employ Crypto-Mining Malware to Contaminate More Than 210K Mikrotik Routers

Security researchers recently uncovered a surge of attacks wherein hackers exploited many vulnerable routers forming a network for proliferating crypto-mining malicious program among unwitting end-users. The researchers found that three-or-more massive malware attacks referred to as Coinhive chiefly targeted routers in Moldova and Brazil. The routers called MikroTik under Latvia's ownership were being targeted so that hackers could utilize the technology for clandestinely loading digital currency miners onto the PCs to which the routers were plugged.

Hacker News reports that the malware campaign impacted over 210,000 routers that MikroTik the Latvian provider of network hardware sold worldwide, while the number is going on increasing. Simon Kenin researcher from TrustWave explains that some unidentified cyber-criminal has been exploiting vulnerability in MikroTik routers for executing codes on PCs belonging to unwitting victims that steal crypto-currencies which ultimately go into the hackers' wallet.

The vulnerability within MikroTik routers being exploited affects the routers' Winbox component. It was unearthed during April 2018, but since fixed. Although the security patch for the vulnerability from MikroTik now exists, still numerous devices are yet to be patched. According to Kenin, this is indeed one major problem, since MikroTik is a producer of sophisticated equipments which businesses, web companies and ISPs generally use. The vulnerability, if successfully exploited, can let any attacker acquire illegitimate, remote administrative admission into the flawed MikroTik routers.

Evidently, Brazil is the country which houses the majority of the impacted routers. The initial attack, which TrustWave security experts observed, started with attacking Brazil located networking devices, when the hackers hijacked over 183,700 MikroTik routers. When Coinhive malware utilized the exploitative techniques it as well implied that visitors to the websites that were active because of MikroTik's routers, indeed infected, too became contaminated with the same crypto-currency mining malware.

Meanwhile, other hackers too are currently beginning towards exploiting the security flaw in MikroTik routers. Consequently, the hack keeps on proliferating globally. Security Investigator Troy Mursch recently spotted 2 likewise malware campaigns which separately contaminated 16,000 and 25,000 MikroTik routers, most of them inside Moldova, with the malware being a crypto-currency mining script belonging to the notorious Coinhive service.

» SPAMfighter News - 8/14/2018