Over 200,000 Wi-Fi Routers Affected By Massive CoinHive Cryptomining Campaign

Share on twitter
Tweet
Share on whatsapp
WhatsApp
Share on facebook
Share
wifi router syping

A new discovery by the researchers at Trustwave has revealed that a CoinHive cryptomining campaign has affected more than 200,000 MikroTik routers.

Researchers got alerted after witnessing a rise in the CoinHive activity in Brazil. Further research revealed that the MikroTik routers are the root of the activities. Through the campaign, bad actors behind the campaign use zero-day in Winbox component of MikroTik routers. The vulnerability was patched by the company within a day, but there are many routers that have not applied the patch.

According to the report by Trustwave, the attacker is using the device’s functionality to inject the CoinHive script into every webpage visited by the users. The attackers have used one of the proof-of-concept code which appeared on GitHub for altering the traffic passing through the MikroTik router.

Only one CoinHIve key has been used in the devices which shows that only one threat actor is behind all the attacks.

“if a user receives an error page of any kind while web browsing, they will get this custom error page which will mine CoinHive for the attacker,” said the report.

The attack is spreading at a massive pace and has affected some of the non-MikroTik users as well.

Also Read: Lenovo To Unveil World’s First 5G Phone With Snapdragon 855 Chip
Anmol Sachdeva

Anmol Sachdeva

Anmol is a tech journalist who handles reportage of cybersecurity and Apple and OnePlus devices at Fossbytes. He's an ambivert who is striving hard to appease existential crisis by eating, writing, and scrolling through memes.

New on Fossbytes

Scroll to Top