Cryptojacking Malware Runs On 415,000 Routers Worldwide
A new report suggests that malware that lets attackers steal the computing power of connected PCs to mine cryptocurrency, a scheme known as cryptojacking, could have affected more than 415,000 routers globally.
The number of affected routers has more than doubled since the malware was first detected in August, when about 200,000 routers were reported to have been affected.
Although the threat is growing, the malware affects only users of MikroTik routers.
“It is worth pointing out that the number of breached devices might be slightly off, since the data reflects IP addresses known to have been infected with cryptojacking scripts,” The Next Web reported. “Still, the total amount of compromised routers is still pretty high.”
Most of the initially compromised routers were concentrated in Brazil, but as infections have spread since August, routers in North America, South America, Africa, Europe, the Middle East and Asia have also been affected, according to a new threat detection map.
MikroTik routers are largely sold to Internet service providers and organizations, and the rise in router infections shows that not many companies have installed the latest firmware for the router.
“MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface,” the National Vulnerability Database said of the issue in MikroTik’s firmware.
Although Coinhive was originally designed as legitimate software to allow websites to temporarily borrow a visitor’s hardware to mine Monero, abuse of the script has led many antivirus products to block it.
The good news, however, is that a patch to rid affected routers of the cryptojacking malware was made ready within a day of discovery. Security experts recommend that MikroTik router users download the latest firmware from the company’s website to stay ahead of the malware.
Although the cryptocurrency bubble has burst, leaving a surplus of graphics cards that were stockpiled at the peak of the crypto boom, cryptojacking continues to be a serious security risk.
In an unrelated incident last month, St. Francis Xavier University in Nova Scotia, Canada, was forced to shut down its entire network after consulting cybersecurity experts, once it was found that a hacker had gained access to the university’s system to take control of computing resources to mine for Bitcoin.
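For operators acting on the upgrade advice, the following added example (not from the report or from MikroTik) checks a router inventory against the "through 6.42" range in the NVD text quoted above. The inventory format (one "address version" pair per line) and the sample entries are assumptions constructed for illustration; pre-release builds are sent for manual review because the quoted range does not cover them, and the vendor's advisory remains the authority on fixed builds.

```python
import re

# Last release the NVD text quoted on this page names as affected ("through 6.42").
LAST_AFFECTED = (6, 42, 0)

# RouterOS version strings look like "6.42", "6.42.1 (stable)" or "6.43rc3".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(rc|beta)?")


def classify(version_text):
    """Return 'upgrade', 'ok' or 'review' for one RouterOS version string."""
    m = _VERSION_RE.match(version_text.strip())
    if not m:
        return "review"   # unparseable or missing: a human has to look
    if m.group(4):
        return "review"   # pre-release build: not covered by the quoted range
    release = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    return "upgrade" if release <= LAST_AFFECTED else "ok"


def audit(inventory_text):
    """Map each 'address version' line of an inventory to its classification."""
    results = {}
    for line in inventory_text.splitlines():
        line = line.split("#", 1)[0].strip()   # allow comments and blank lines
        if not line:
            continue
        address, _, version = line.partition(" ")
        results[address] = classify(version)
    return results


# Constructed sample inventory (documentation addresses, illustrative versions).
SAMPLE_INVENTORY = """\
192.0.2.10 6.42
192.0.2.11 6.42.1 (stable)
192.0.2.12 6.39.2
192.0.2.13 6.43rc3
192.0.2.14 unknown
"""

if __name__ == "__main__":
    for address, verdict in audit(SAMPLE_INVENTORY).items():
        print(f"{address:<12} {verdict}")
```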
Just three different ways to abuse vulnerable Mikrotik routers to try to mine cryptocurrencies. Total combined 415 thousand results. Many more ways active. pic.twitter.com/u01HEr2UQy
— Kira 2.0 (@VriesHd) December 2, 2018
Fortunately, in cryptojacking attacks, personal data transmitted across the network is normally not compromised, in contrast to the Russian-linked Wi-Fi malware reported earlier this year. With cryptojacking, the attackers are primarily interested in the computing power connected to the Wi-Fi network, which they use to mine cryptocurrency.