
This article is more than 1 year old

MikroTik routers grab their pickaxes, descend into the crypto mines

Hacker slips CoinHive code onto network appliances

Researchers have found thousands of MikroTik network routers in Brazil serving up crypto-coin-crafting CoinHive code.

Trustwave researcher Simon Kenin said this week one or more attackers have exploited a known vulnerability in MikroTik's enterprise routers to inject error pages with code that uses visitors' machines to mine digital dosh for the miscreants.

Kenin says that the attackers have been running an exploit script to gain administrator access over the targeted routers, then installing a custom page that would come up any time an error occurs. Within that page is the actual code that employs any spare compute power on the browsing computer to mine cryptocoins and then transmit them to an address controlled by the attacker.
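A defender's check for the pattern described above, as an added example that is not from the article or from Trustwave: it parses HTTP response bodies and reports CoinHive loaders, noting whether they sit on an error page. The hostnames and `CoinHive.*` call names are the miner's publicly known loader patterns rather than details given in the article, and the sample responses and site key are constructed.

```python
import re
from html.parser import HTMLParser

# Assumed indicators: CoinHive's public loader hosts and JavaScript entry points.
MINER_HOSTS = re.compile(r"(?:^|//|\.)(?:coinhive\.com|coin-hive\.com)(?:[/:]|$)", re.I)
MINER_CALLS = re.compile(r"\bCoinHive\s*\.\s*(?:Anonymous|User|Token)\s*\(", re.I)


class MinerScan(HTMLParser):
    """Collects evidence that a page loads or starts a CoinHive miner."""

    def __init__(self):
        super().__init__()
        self.hits = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") or ""
        if tag in ("script", "iframe") and MINER_HOSTS.search(src):
            self.hits.append(f"{tag} src={src}")
        if tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Only inline script bodies count; visible text that mentions CoinHive does not.
        if self._in_script and MINER_CALLS.search(data):
            self.hits.append("inline CoinHive start call")


def scan_response(status, body):
    """Return findings for one HTTP response, or None if nothing matched."""
    scanner = MinerScan()
    scanner.feed(body)
    scanner.close()
    if not scanner.hits:
        return None
    return {"on_error_page": status >= 400, "hits": scanner.hits}


# Constructed sample responses (not captured traffic).
INJECTED = """<html><body><h1>Error 403</h1>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER'); m.start();</script>
</body></html>"""
NEWS_PAGE = "<html><body><p>Story about CoinHive.Anonymous( abuse</p></body></html>"
```

Run `scan_response` over bodies fetched through the router under test; a hit with `on_error_page` set matches the injected error page the article describes.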

The exploit itself is not exactly novel, and it's hard to blame the vendor in this case. The targeted vulnerability was patched by MikroTik back in April, just days after it was initially reported. Unfortunately, admins have been slow to patch the bug on their own appliances.

"To MikroTik's credit, they patched the vulnerability within a day of its discovery, but unfortunately there are hundreds of thousands of unpatched (and thus vulnerable) devices still out there, and tens of thousands of them are in Brazil alone," Kenin noted.

Thus far, Kenin said, the attacks are geographically limited to systems in Brazil, though they do appear to be spreading to other places. Additionally, Kenin found, servers connected to the router will end up injecting the code into other web pages as well.


"What this means is that this also impacts users who are not directly connected to the infected router's network, but also users who visit websites behind these infected routers," Kenin said.

"In other words, the attack works in both directions."

This is a problem because MikroTik's routers are used by a number of large companies, including ISPs.

"Let me emphasize how bad this attack is. The attacker wisely thought that instead of infecting small sites with few visitors, or finding sophisticated ways to run malware on end user computers, they would go straight to the source; carrier-grade router devices," said Kenin.

"There are hundreds of thousands of these devices around the globe, in use by ISPs and different organizations and businesses, each device serves at least tens if not hundreds of users daily."

Kenin is advising anyone using a MikroTik device to update their firmware as soon as possible to make sure their systems will be protected against the exploit used to install the mining code. ®
