Monero seems to be one of the cryptocurrencies that attracts many cyber-criminals, and news of hackers targeting Monero mining is not uncommon.
Now an attack involving the cryptocurrency has made headlines again, with a report showing the number of routers affected by Monero mining malware.
According to SpiderLabs, a wave of users has been hit through CVE-2018-14847, a flaw in MikroTik routers, which has left them exposed to downloading a Coinhive cryptocurrency mining script on certain websites. Tens of thousands of MikroTik routers were reported to have been impacted in Brazil, and over 200,000 routers globally.
Our researcher @Simon_Kenin has discovered a massive #IoT #cryptojacking campaign affecting tens of thousands of unpatched @mikrotik_com routers in Brazil and going global. Read more here: https://t.co/SfIz7KKcnc
— SpiderLabs (@SpiderLabs) August 1, 2018
Coinhive has gained a controversial reputation through its constant association with attacks on users to mine Monero, such as the cryptojacking incident in Japan which saw 5% of the cryptocurrency’s total tokens hacked.
Simon Kenin of SpiderLabs reported on the severity of this most recent attack:
“The attacker wisely thought that instead of infecting small sites with few visitors, or finding sophisticated ways to run malware on end user computers, they would go straight to the source; carrier-grade router devices. There are hundreds of thousands of these devices around the globe, in use by ISPs and different organizations and businesses, each device serves at least tens if not hundreds of users daily.”
Kenin went on to say that each user of the router would ultimately have received the Coinhive script no matter which site they visited, and that this attack has the potential to target millions of pages on a daily basis, even if it is only on pages which show errors.
He continued:
“Compromised MikroTik customers that have Trustwave SWG connected to the router will see a huge spike in CoinHive blocks.”