Earlier, Qihoo Security Lab discovered that routers from the Latvian brand MikroTik had been attacked by hacker groups, who implanted mining software on them and monitored their traffic.
It should be emphasized that MikroTik has already fixed the vulnerabilities of the old firmware; the infected routers are those that have not yet been upgraded to the new firmware.
Despite repeated reminders from MikroTik and from security companies around the world, at least hundreds of thousands, and possibly millions, of routers worldwide have still not been upgraded.
Although mining is certainly harmful, most mining has no lasting impact on the user: once the mining software is removed, the system returns to normal.
However, the mining carried out on MikroTik routers is not conventional mining; the hardware of a router used for mining does not actually bring in much revenue.
So the hacker group attacking MikroTik routers thought of a more extreme method: hijacking web pages and tampering with the page code to insert in-browser mining code.
In this way, every computer or mobile phone that loads a web page through an infected MikroTik router mines for the attackers, and the mining revenue brought to the hacker group surges.
When the attack on MikroTik routers was first discovered by Qihoo Labs in August, the total number of infected routers was only about 200,000.
Just three different ways to abuse vulnerable Mikrotik routers to try to mine cryptocurrencies. Total combined 415 thousand results. Many more ways active. pic.twitter.com/u01HEr2UQy
— Kira 2.0 (@VriesHd) December 2, 2018
Subsequently, major security companies issued investigation reports one after another, but the number of infections has since risen to 415,000 units, and the infection shows no downward trend. Security experts recommend that operators take action to force these routers to be updated.
Mining is the focus of this router attack, but hackers holding hundreds of thousands of infected routers will not use them only for something as simple as mining.
The hackers forward all of the user's traffic to a proxy server under their control, which means they can see everything the user accesses,
including the accounts and passwords that users register on various websites; login operations expose key data such as passwords, which is far more harmful to users than mining.