Hackers are using a network of vulnerable routers to spread crypto-mining malware to unsuspecting users, security researchers have discovered.
An unknown cyber criminal (or possibly a network of cyber criminals) is using a flaw in more than 170,000 routers manufactured by MikroTik to run scripts on the computers of unsuspecting victims which mine cryptocurrencies for the hacker, according to TrustWave researcher Simon Kenin.
The attack uses a previously-discovered flaw - which has since been patched by MikroTik - to inject a mining script from CoinHive into the browser of anyone connected to an infected router. Most of the affected devices are located in Brazil, but Kenin warned that the attack has been observed in other places as well.
Another researcher, Troy Mursch, also observed a similar case in Moldova involving more than 25,000 MikroTik routers running CoinHive scripts. It is currently unknown whether the two attacks are connected.
The security flaw that allows the routers to be exploited has now been addressed by MikroTik, but numerous devices remain unpatched. This is a big problem, Kenin explains, as MikroTik manufacture high-end equipment that is often used by ISPs, web companies and businesses.
"Let me emphasize how bad this attack is," he said. "The attacker wisely thought that instead of infecting small sites with few visitors, or finding sophisticated ways to run malware on end user computers, they would go straight to the source; carrier-grade router devices."
"There are hundreds of thousands of these devices around the globe, in use by ISPs and different organizations and businesses, each device serves at least tens if not hundreds of users daily."
-
Trump's AI executive order could leave US in a 'regulatory vacuum'News Citing a "patchwork of 50 different regulatory regimes" and "ideological bias", President Trump wants rules to be set at a federal level
-
TPUs: Google's home advantageITPro Podcast How does TPU v7 stack up against Nvidia's latest chips – and can Google scale AI using only its own supply?
-
Security experts claim the CVE Program isn’t up to scratch anymore — inaccurate scores and lengthy delays mean the system needs updatedNews CVE data is vital in combating emerging threats, yet inaccurate ratings and lengthy wait times are placing enterprises at risk
-
IBM AIX users urged to patch immediately as researchers sound alarm on critical flawsNews Network administrators should patch the four IBM AIX flaws as soon as possible
-
Critical Dell Storage Manager flaws could let hackers access sensitive data – patch nowNews A trio of flaws in Dell Storage Manager has prompted a customer alert
-
Flaw in Lenovo’s customer service AI chatbot could let hackers run malicious code, breach networksNews Hackers abusing the Lenovo flaw could inject malicious code with just a single prompt
-
Industry welcomes the NCSC’s new Vulnerability Research Initiative – but does it go far enough?News The cybersecurity agency will work with external researchers to uncover potential security holes in hardware and software
-
Hackers are targeting Ivanti VPN users again – here’s what you need to knowNews Ivanti has re-patched a security flaw in its Connect Secure VPN appliances that's been exploited by a China-linked espionage group since at least the middle of March.
-
Broadcom issues urgent alert over three VMware zero-daysNews The firm says it has information to suggest all three are being exploited in the wild
-
Nakivo backup flaw still present on some systems months after firms’ ‘silent patch’, researchers claimNews Over 200 vulnerable Nakivo backup instances have been identified months after the firm silently patched a security flaw.
