Hackers Are Spreading Crypto Mining Malware via Routers

Hackers are coming up with innovative ways to spread crypto mining malware. According to a new report, over 400,000 routers have been infected by cryptojacking malware that specifically targets MikroTik routers.

The attack, which was discovered in August, continues to spread. At the time, approximately 200,000 routers were found to have been compromised by hackers. The figures were based on the number of IP addresses that ran the infected crypto-mining script.

Speaking to Hard Fork, researcher VriesHD stated that actual figures could be between 350,000 and 400,000. He also noted that most MikroTik router malware attacks were spread by Internet Service Providers (ISPs) to unsuspecting users.

According to VriesHD, the problem could easily be resolved by updating router firmware. However, some routers don’t have this feature enabled. In this case, ISPs could force firmware updates.

According to the security researcher, ISPs that have released a patch have been able to overcome the issue. Those that haven’t continue to expose clients to attacks. Most infections are said to have occurred in Brazil.

Just a few days ago, McAfee published another report announcing the discovery of a new hard-to-track crypto mining malware dubbed WebCobra.

It compromises legitimate Windows processes and hijacks a system’s resources to mine cryptocurrencies. The malicious program mines crypto by installing the Cryptonight or Claymore’s Zcash miner. The two applications are used to mine Zcash using graphics processing units (GPUs) on compromised computers.

The script first launches a Microsoft installer to determine which miner to install. Cryptonight miner code is injected into x86 machines, while x64 systems get a Claymore’s Zcash miner installation.

The only sign that a computer has been compromised is a significant drop in computing performance. Overheating issues may also arise. The threat is most prevalent in Brazil, the United States, and South Africa.

A Decline in Crypto Mining Malware Infections

According to a recent report released by Kaspersky, the number of cryptojacking malware infections skyrocketed at the beginning of the year when the crypto market was experiencing a boom.

A report by the Cyber Threat Alliance put year-over-year infection rates at 459 percent since 2017. Now that the sector is experiencing a market decline, cryptojacking infections appear to be on a downward trend.

Countries found to be most affected by the crypto mining malware scourge, according to the Kaspersky report, include Kazakhstan, Vietnam, Indonesia, Ukraine, and Russia. The United States (1.33 percent), Britain (1.66 percent), and Switzerland (1.56 percent) had the smallest shares of recorded miner infections in the global total.

Author: Elizabeth Gail
This article was written and published originally on COINCENTRAL. You can visit the original article here.

Meet the Author

Rohan Pinto

Co-founder of 1Kosmos

Rohan is the co-founder of 1Kosmos. He is a go-to security and identity management expert and the founder of several businesses that have made considerable advancements in blockchain and identity management.