Brazil has been hit with a massive crypto jacking campaign due to the vulnerabilities in the MikroTik routers. A security researcher from Trustwave Simon Kenin said that there has been a surge on Coinhive’s activity which indicated malicious cryptocurrency mining activity.
The researcher also said that upon further examination it was found out to be MikroTik devices that have been involved in the attack. Brazil was found to be the main nation that has been targeted by this attack. Kenin also noticed that all the devices have been using the same Coinhive site key.
Coinhive is one of the legitimate softwares used in a browser which lets the visitors of the website borrow their CPU computation power temporarily in order to mine Cryptocurrency. There has been a widespread misuse of the script which led hence most of the browsers and antivirus solutions started blocking the script.
Trustware has estimated that more than 175,000 devices have been involved in mining the cryptocurrency and virtual gold on behalf of the controlling entity. The second site key is being used by more than 25,000 routers.
If both keys belong to the same actor it will give us a total of 200,000 devices that are mining cryptocurrencies. The security researcher was finally able to figure out the Coinhive activity spike.
“At this point, it’s worth noting that MikroTik routers are used by Internet providers and big organizations, and in this case, it seems that the Reddit post’s author’s ISP had their router compromised, same as the router of the hospital I mentioned earlier in the post,” the researcher said.
The message said that it has been a mass exploitation of the MikroTik devices which allowed the bad actors to take advantage of the vulnerability to make the routers take advantage of the zero-day which was named as CVE-2018-14847.
Take your time to comment on this article.