In all, the malware campaigns have compromised more than 210,000 routers from Latvian network hardware provider Mikrotik across the world, with the number still increasing as of writing.
The hackers have been exploiting a known vulnerability in the Winbox component of MikroTik routers that was discovered in April this year and patched within a day of its discovery, which once again shows people's carelessness in applying security patches on time.
The security flaw can potentially allow an attacker to gain unauthenticated, remote administrative access to any vulnerable MikroTik router.
The first campaign, noticed by Trustwave researchers, began with targeting networking devices in Brazil, where a hacker or a group of hackers compromised more than 183,700 MikroTik routers.
Since other hackers have also started exploiting MikroTik router vulnerability, the campaign is spreading on a global scale.
Troy Mursch, another security researcher, has identified two similar malware campaigns that infected 25,500 and 16,000 MikroTik routers, mainly in Moldova, with malicious cryptocurrency mining code from infamous CoinHive service.
The attackers are injecting Coinhive’s Javascript into every web page that a user visits using a vulnerable router, eventually forcing every connected computer to unknowingly mine Monero cryptocurrency for the miscreants.
No comments:
Post a Comment