Over 200,000 routers in Brazil, Moldova succumb to Monero cryptomining attack

Getting your Trinity Audio player ready...

It’s barely a week, and Monero (XMR) is on the spotlight again. According to recent reports, a malicious malware has been attacking over 200,000 routers in Brazil to mine the privacy-centric cryptocurrency.

The hackers have been attacking a particular brand of routers called MikroTik in order to conduct their operations. According to a Trustwave report, hackers used MikroTik routers after their system become vulnerable back in April. Upon realizing the security flaw, the MikroTik development team released a security patch to fix the issue; however, not all users were able to fix the problem, which exposed them to attacks.

A security flaw in MikroTik routers, known as CVE-2018-14847, reportedly affected the company’s Ethernet and Wi-Fi helped hackers to penetrate user computers and mine XMR. Reports show that the hackers began by infiltrating 175,000 routers in Brazil, and then expanded to the country of Moldova in Eastern Europe, where it attacked an estimated 25,000 routers. It is yet unclear whether the hackers that attacked the routers in Moldova is the same group that operated in Brazil.

The hackers used small chips in the router and the Coinhive, a Monero mining script, to penetrate a user’s computer. Although the malware is not stealing coins from users’ wallets, it affects the computers processing power. In addition, the malware uses a lot of electricity to mine the coin, which has made many users to pay high electricity bills.

Initially, the malware worked by attacking all the web pages. To avoid being detected, hackers resulted in attacking custom error pages and using a cleanup command. This helped them go unnoticed.

A researcher at SpiderLabs, Simon Kenin, found the cryptomining attack and reported it. In a blog post, Kenin warned that attack is quickly growing to spread across hundreds of thousands of MikroTik devices. He added that the malware stands to attack many people as each device serves at least 10, if not hundreds of users every day.

Our researcher @Simon_Kenin has discovered a massive #IoT #cryptojacking campaign affecting tens of thousands of unpatched @mikrotik_com routers in Brazil and going global. Read more here: https://t.co/SfIz7KKcnc

— SpiderLabs (@SpiderLabs) August 1, 2018

So far, the number of monero coins mined by the hackers is believed to be quite significant given the period the operation is believed to have been running.