Beware – Mikrotik Routers Infected With Coinhive Malware

This is recent and needs more attention. New cryptojacking alert – allegedly over 170k Mikrotik routers are infected with Coinhive malware, which essentially is a cryptocurrency mining malware.

According to computer security researcher Simon Kenin new wave of cryptojacking is taking place at the very moment and it is mostly happening in Brazil, where there are most devices being infected. In the TrustWave article Simon Kenin writes:

The exploit targets Winbox and allows the attacker to read files from the device … but the bottom line is that using this exploit you can get unauthenticated remote admin access to any vulnerable MikroTik router.

He also adds:

Initial investigation indicates that instead of running a malicious executable on the router itself, which is how the exploit was being used when it was first discovered, the attacker used the device’s functionality in order to inject the CoinHive script into every web page that a user visited.

This particular vulnerability in devices was discovered couple of months ago in April this year. MikroTik patched the vulnerability really quick, but currently there are still out of date MikroTik routers being used, because most routers don’t have auto-update features.