Tue. Jun 2nd, 2020

Hackers have infected over 280,000 MikroTik routers to mine and monitor traffic


The Romanian router brand MikroTik was found to have a vulnerability this spring, but the device manufacturer immediately released a new version of the firmware to plug the vulnerability.

However, countless MikroTik router users, especially enterprise users, have not paid attention to this and are still running the old, vulnerable firmware version.

In the last two months, hackers began using an Internet of Things worm to attack these routers, then hijacked users' network access to inject mining code that mines Monero.


The number of infections has soared to 280,000 units:

Although router manufacturer MikroTik has issued several announcements and various technology websites have also reminded users to update, a large number of devices have still not been upgraded.

Two months ago, Qihoo, Symantec, Bitdefender and McAfee began tracking the botnet, when 200,000 devices were infected.

However, the total number of infected devices has soared to 280,000 units and continues to grow, which means that more and more users are using insecure networks.

Hijacking network access for mining:

As we have mentioned previously, the hackers' clever move is that they do not mine on the MikroTik routers themselves: the routers' hardware specifications are so low that mining on them would bring little benefit.

Instead, the hackers tamper with the MikroTik router's settings so that, when a user accesses the external network through the router, the traffic is hijacked and online mining script code is inserted into it.

This lets the hackers use the massive volume of user traffic to provide mining power, but their mining code could not run successfully at first due to configuration errors.

Now that the hackers have modified the configuration, the botnet continues to infect more devices for mining, and the hackers can also distribute phishing sites and malware when necessary.

Via: thenextweb