Over 415,000 Routers Attacked for Crypto Mining

Dec 06, 2018 at 0:15

Over 415,000 routers across the globe have been attacked by malware which aims to steal a device’s computing power and quietly mine cryptocurrency, according to a new research.

In a report, Hard Fork said the crypto-jacking was first observed in August, when security experts discovered over 200,000 devices in Brazil had been hijacked to secretly mine cryptocurrency.

In a span of a month, the figure jumped to 280,000.

The attack is said to affect MikroTik routers mostly.

“It wouldn’t surprise me if the actual number of actual infected routers in total would be somewhere around 350,000 to 400,000,” security researcher VriesHD told Hard Fork.

He added that attackers used to favor CoinHive – a mining software for privacy-oriented cryptocurrency Monero (XMR).

However this preference trend has been changing, leaning toward other mining softwares primarily CoinHive, Omine, and CoinImp.

“It used to be like 80-90 percent CoinHive, but a big actor has shifted to using Omine in recent months.”

VriesHD advised internet service providers (ISPs) to prevent the spreading of malware by forcing over-the-air updates to the routers.

“Users should indeed update their routers, yet the biggest bunch of them are distributed by ISPs to their customers, who often have no idea what to do or how to update the router,” the researcher told Hard Fork.

“Often these distributed routers are limited in their rights as well, not allowing users to update the routers themselves.”