Hackers are using a network of unprotected routers to distribute cryptocurrency-mining malware to unsuspecting users, security experts and researchers have revealed.
Anonymous cybercriminals are using a flaw in over 170,000 routers made by MikroTik to execute scripts on the computers of unaware victims and mine cryptocurrency for the attacker, according to Simon Kenin, a Trustwave researcher.
The attack uses a previously discovered flaw, since patched by MikroTik itself, to push a mining script from CoinHive into the browser of anyone connected to a compromised router. Many of the infected devices are in Brazil, but Simon cautioned that the attack has also been registered in other areas.
Another senior researcher, Troy Mursch, also noticed an identical situation in Moldova involving over 25,000 MikroTik routers executing CoinHive scripts. It is apparently unclear whether the two attacks are related.
The security defect that allows the routers to be abused has since been fixed by MikroTik, but many devices remain unpatched. This is a highly puzzling circumstance, Simon indicates, as MikroTik produces high-end equipment that is frequently used by businesses, ISPs and web companies.
"Let me emphasize how bad this attack is," he said. "The attacker wisely thought that instead of infecting small sites with few visitors, or finding sophisticated ways to run malware on end-user computers, they would go straight to the source; carrier-grade router devices."
A great many of these devices are in use around the world by businesses, various organizations and ISPs, with each device serving tens if not hundreds of regular users every day.