Worldwide, an estimated 415,000 routers are believed to be infected with malware that can steal computing resources to mine cryptocurrency under the radar. MikroTik routers are among the most popular in the world. A majority of ISPs and other organizations use them, but at the rate they are becoming infected, it is obvious that their users are not updating them. A large number of the infected devices are in Brazil, but at this point infected devices have been seen all over the world. CoinHive is the primary software being used in these crypto-jacking attacks, with the attackers exploiting a directory traversal vulnerability in the WinBox interface of older MikroTik routers. When the vulnerability is exploited successfully, unauthenticated attackers can read arbitrary files, while authenticated remote attackers can write files. Luckily, MikroTik has already released a patch.