According to a recent post from Trustwave, more than 200,000 MikroTik WiFi routers were infected in a mass CoinHive cryptomining campaign. A researcher from Brazil became alarmed after a sharp rise in suspicious CoinHive cryptomining activity in Brazil. Further investigation uncovered that MikroTik routers were the source of the activity.
Throughout the campaign, the threat actors behind it exploited a zero-day in the Winbox component of MikroTik routers. The vendor fixed the vulnerability within days; however, many routers still have not had the fix applied.
The researcher also found that the attacker is using the router's functionality to inject the CoinHive code into every web page visited by the user. The attackers used proof-of-concept code that appeared on GitHub to alter the traffic passing through the MikroTik router. It also appears that a single attacker is behind all of these attacks: only one CoinHive key has been used across all the devices.
“if a user receives an error page of any kind while web browsing, they will get this custom error page which will mine CoinHive for the attacker,” the report said. MikroTik WiFi routers were not the only devices affected; some others have also been used in this campaign.
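A defender-side check for the injection described above, as an added example that is not from the Trustwave report or this post: it scans HTTP response bodies for a CoinHive loader and groups the pages by site key, which is how one key shared across many devices becomes visible. The sample pages, source labels and key value are constructed; `coinhive.min.js` and the `CoinHive.Anonymous` / `CoinHive.User` constructors are the names used by CoinHive's public JavaScript miner.

```python
import re
from collections import defaultdict

# <script src=...> whose file name is coinhive.js or coinhive.min.js
LOADER_RE = re.compile(
    r"<script[^>]+src\s*=\s*[\"'][^\"']*coinhive(?:\.min)?\.js", re.I)
# new CoinHive.Anonymous('KEY') or new CoinHive.User('KEY', ...)
KEY_RE = re.compile(
    r"CoinHive\.(?:Anonymous|User)\(\s*[\"']([A-Za-z0-9]+)[\"']", re.I)

def scan_body(html):
    """Return (loader_present, sorted site keys) for one response body."""
    return bool(LOADER_RE.search(html)), sorted(set(KEY_RE.findall(html)))

def keys_to_sources(responses):
    """Map each site key to the set of sources (URL or device) serving it."""
    seen = defaultdict(set)
    for source, html in responses.items():
        for key in scan_body(html)[1]:
            seen[key].add(source)
    return dict(seen)

# Constructed sample bodies; the key is a placeholder, not a real indicator.
CLEAN = "<html><body><h1>Welcome</h1></body></html>"
INJECTED = """<html><head>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous('PLACEHOLDERKEY0001'); m.start();</script>
</head><body>news article</body></html>"""
ERROR_PAGE = """<html><body><h1>404 Not Found</h1>
<script src='/coinhive.min.js'></script>
<script>new CoinHive.Anonymous( "PLACEHOLDERKEY0001" ).start();</script>
</body></html>"""

SAMPLES = {
    "router-a/http://example.test/": INJECTED,
    "router-b/error.html": ERROR_PAGE,
    "router-c/http://example.test/": CLEAN,
}

if __name__ == "__main__":
    for source, body in SAMPLES.items():
        print(source, scan_body(body))
    for key, sources in keys_to_sources(SAMPLES).items():
        print(key, "seen on", len(sources), "sources:", sorted(sources))
```

Run it over bodies fetched in plain HTTP from behind each router; a key that appears on pages from unrelated sites points at the router rather than the sites.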
Beware of these types of miners.