There were reports about this last August, though with fewer affected devices. However, some MikroTik users never bothered to upgrade their firmware, which allowed hackers to steal the computing power of the computers connected to the device through cryptojacking. At that time, roughly 200,000 routers were affected.
Even though the malware threat is expanding, it affects only users of MikroTik routers. “It is worth pointing out that the number of breached devices might be slightly off, since the data reflects IP addresses known to have been infected with cryptojacking scripts,” The Next Web reported. “Still, the total amount of compromised routers is still pretty high.”
Infected routers were originally concentrated in Brazil, but the infection has since made its way to North America, South America, Europe, Africa, Asia and even the Middle East, according to a new threat detection map.
MikroTik routers are largely sold to ISPs, SOHOs, small businesses and organizations. The sudden increase in router infections clearly indicates that not many of them have bothered to update their router firmware.
Why is it so important to do so? Well, here is the short answer. The older firmware versions have a security flaw that an attacker can exploit, allowing them to inject the Coinhive script into every webpage that a user visits.
“MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface,” the National Vulnerability Database said of the flaw in MikroTik’s firmware.
Though Coinhive was initially conceived as legitimate software to allow websites to temporarily borrow a visitor’s hardware to mine for Monero, abuse of the script has led many antivirus products to block Coinhive.
A software patch was made available right after the discovery to get rid of the cryptojacking malware from the MikroTik router. Check for router updates on a regular basis so that security risks like this are avoided.
Cryptocurrency has declined in popularity lately, which has left tons of graphics cards that were stockpiled while cryptomining was popular. Even so, cryptojacking is still a security threat.
In a separate incident last month, St. Francis Xavier University in Nova Scotia, Canada, was forced to shut down its entire network, after consultation with cybersecurity experts, when it was discovered that a hacker had hacked the university’s system to steal computing resources to mine for Bitcoin.
Unlike other cyber-attacks that steal information or hold your data for ransom, this one is interested only in using the network, computing power and resources for mining cryptocurrency.