Researchers Claim 400,000+ MikroTik Routers Infected With Mining Malware

December 7, 2018 12:36 AM

MikroTik mining malware was first discovered in Brazil in August, but the virus continues to spread all over the world.

Malware that specifically targets MikroTik routers could now be affecting more than 415,000 routers across the globe, according to a December 2 tweet from VriesHD.

The malware, which typically uses software to secretly mine Monero, was first discovered in Brazil in August.

According to Bad Packets LLC, a security research firm, over 170,000 routers in Brazil were infected with the mining malware. Security researcher Simon Kenin of cybersecurity firm Trustwave described the attack by saying:

“The attacker wisely thought that instead of infecting small sites with few visitors or finding sophisticated ways to run malware on end-user computers, they would go straight to the source: carrier-grade router devices.”

According to Bad Packets, the epidemic is spreading: by August 25, those infected included approximately 3,000 MikroTik routers in the US with IP addresses assigned to internet service provider Cogent. A month later, over 600 routers belonging to the Douglas County Public Utility District in north-central Washington state were infected with the malware. According to Bad Packets, “39% of the IPs they manage route to a compromised device.”

While research shows that Coinhive is used in most of these instances, during the largest “campaign,” CoinImp software was used to infect 115,000 routers. In September, Bad Packets pointed out more malware targeting MikroTik routers, this one injecting MinerAlt software, which is also used to mine Monero, to steal 30 percent of users’ mining revenue. To avoid detection, “Infected routers in this campaign are configured to throttle the CPU usage of the victims’ devices… the amount of CPU power used for mining cryptocurrency is roughly 80%.”

Although those responsible for the malware cleverly evolve their methods to circumvent discovery, there is at least one patch that victims, internet service providers, and MikroTik router owners can use to protect themselves, and it was released back in April. MikroTik’s patch, which was intended to “fix a zero-day vulnerability exploited in the wild,” was released after users of a Czech tech forum spotted malware mining attacks targeting a remote management service called Winbox, which is included with all MikroTik routers. The service allows users to configure devices.

However, even after multiple warnings from MikroTik and security researchers to upgrade routers, a large number of devices could still be infected. According to a September tweet from Bad Packets, several hundred thousand hosts were still compromised.

Describing the challenge of upgrading one’s router, a researcher from VriesHD told Hard Fork:

“Users should indeed update their routers, yet the biggest bunch of them are distributed by ISPs to their customers, who often have no idea what to do or how to update the router. Often these distributed routers are limited in their rights as well, not allowing users to update the routers themselves. The patch for this specific problem has been out for months and I’ve seen ISPs with thousands of infections disappear from the list. Unfortunately, it appears tons of ISPs simply won’t take action to mitigate the attacks.”

Nathan Graham is a full-time staff writer for ETHNews. He lives in Sparks, Nevada, with his wife, Beth, and dog, Kyia. Nathan has a passion for new technology, grant writing, and short stories. He spends his time rafting the American River, playing video games, and writing.
