Report: Number of Routers Affected by Crypto Malware Doubled Since August, Reaching 415K

Published at: Dec. 6, 2018

The number of MikroTik routers affected by cryptojacking malware has reportedly doubled since summer 2018, reaching 415,000, security researcher VriesHd tweeted Sunday, Dec. 2.

Since August, VriesHd, along with researchers from Bad Packets Report, has been reporting on crypto malware that targets routers and forces them to mine cryptocurrencies.

They revealed that routers by MikroTik, a Latvian manufacturer of network equipment, were compromised by at least 16 different types of malware, including Coinhive, cryptojacking software that mines the privacy-oriented cryptocurrency Monero (XMR).

By September the estimated number of compromised routers surpassed 280,000, according to Bad Packets. In the recent tweet VriesHd explains that he has only checked three possible ways to abuse MikroTik, although there may be several more. VriesHd’s review, which is only based on preliminary projections, shows 415,000 routers affected.

As VriesHd told tech news outlet The Next Web, the attackers have recently switched from Coinhive to other mining software, such as Omine and CoinImp. He also noted that the exact number might be slightly off, as the data only reflects IP addresses infected. However, he believes the number is still high. “It wouldn’t surprise me if the actual number [...] would be somewhere around 350,000 to 400,000,” VriesHd said.

As Cointelegraph previously reported, Brazil is the country most affected by cryptojacking. According to research by Iran’s cybersecurity authority, Brazil was hit over 81,000 times by Coinhive in October alone. India came in second with around 29,000 incidents, followed by Indonesia with more than 23,000. Iran itself experienced around 11,000.

According to a Bloomberg report, the total number of crypto mining malware infections increased 500 percent this year after hackers allegedly stole code targeting Microsoft systems from the U.S. National Security Agency (NSA).

Another report by network and enterprise security company Palo Alto Networks found that around 5 percent of all Monero in circulation was mined through cryptojacking.
