200,000 Routers Infected in Mass Cryptojacking Attack in Brazil

Reports of new cryptojacking schemes continue to plague the cryptocurrency market. Most recently, on July 31st, Trustwave discovered 200,000 MikroTik routers secretly running a Monero (XMR) mining script.

“I saw that all of these devices were using the same CoinHive sitekey, meaning that they all ultimately mine into the hands of one entity,” reports Simon Kenin, who first discovered the attack. “I looked for the CoinHive site-key used on those devices, and saw that the attacker indeed mainly focused on Brazil.”

“Let me emphasize how bad this attack is,” writes Kenin. “The attacker wisely thought that instead of infecting small sites with few visitors, or finding sophisticated ways to run malware on end user computers, they would go straight to the source; carrier-grade router devices.”

Cryptojacking has become the most popular form of cryptocrime in recent years. The malicious cryptocurrency mining technique has been rapidly replacing traditional forms of ransomware, which were becoming increasingly common between 2014 and 2016 and have since begun to vanish.

In a report published earlier this year, McAfee Labs detected 2.9 million new samples of coin miner software among its users in the first quarter of 2018 alone, a 629 percent increase from the previous quarter.

“This is a warning call and reminder to everyone who has a MikroTik device to patch as soon as possible, this attack may currently be prevalent in Brazil, but during the final stages of writing this blog, I also noticed other geo-locations being affected as well, so I believe this attack is intended to be on a global scale,” writes Kenin.

The cryptocurrency community is still struggling to figure out how to stop the ever-growing amount of cryptojacking taking place globally. Recent estimates suggest that as many as 55 percent of businesses worldwide are currently infected. Unhashed published an article last month revealing that 5 percent of the Monero in circulation had been mined through malicious mining software.

Josh Grunzweig, an employee at Palo Alto Networks who authored the Monero cryptojacking report, has stated,

“Defeating cryptocurrency miners being delivered via malware proves to be a difficult task, as many malware authors will limit the CPU utilization, or ensure that mining operations only take place during specific times of the day or when the user is inactive. Additionally, the malware itself is delivered via a large number of methods, requiring defenders to have an in-depth approach to security.”

It is still unclear how much damage has been done by the recent attack in Brazil. Updates will be published as more information arrives.

The post 200,000 Routers Infected in Mass Cryptojacking Attack in Brazil appeared first on UNHASHED.