Cryptojacking Malware Infections Double in Internet Routers Since Summer Per Security Researcher
Malware is one of the most popular ways that hackers get the information that they want. Hackers have been working their way into traditional finance for a while, and cryptocurrency has not been an exception. In one of the most recent and public cases, cryptojacking malware has been impacting many MikroTik routers, doubling since summertime, based on the research of VriesHd and Bad Packets Report.
Just three different ways to abuse vulnerable Mikrotik routers to try to mine cryptocurrencies. Total combined 415 thousand results. Many more ways active. pic.twitter.com/u01HEr2UQy
— Kira 2.0 (@VriesHd) December 2, 2018
VriesHd has been watching and reporting on this malware since August, which infiltrates routers and mines cryptocurrency in background. In the time that the researchers watched MikroTik routers, there were 16 different types of malware found, including a cryptojacking software called Coinhive. Coinhive’s efforts seemed to be to mine Monero.
By September, Bad Packets discovered that there were over 280,000 compromised routers. However, VriesHd let Twitter followers know that he’d only been examining three methods of abuse towards MikroTik, but there is a chance that other methods were used. Preliminary projections from VriesHd suggested that approximately 415,000 routers were impacted.
When speaking with news outlet The Next Web, VriesHd said that Coinhive appeared to be abandoned by much of the attackers, who instead chose to go after the routers with Omine and CoinImp. The number could vary, considering that the only numbers shown are the infected IP addresses. Still, VriesHd says, “It wouldn’t surprise me if the actual number […] would be somewhere around 350,000 to 400,000.”
Brazil seems to be the nation that is facing the most cryptojacking, allegedly being hit by Coinhive over 81,000 times in October, based on the research performed by the cybersecurity authority in Iran. Right behind Brazil is India, who had 29,000 incidents in the same month. Indonesia was third with over 23,000, and fourth is Iran, who dealt with 11,000 incidents.
The biggest surge of malicious activity seemed to be caused by the theft of a code from U.S. National Security Agency (NSA), which was meant to target Microsoft Systems. As a result, crypto mining malware went up by fivefold in this year alone. Palo Alto Networks created another report on cryptojacking, finding that the thefts accounted for about 5% of the total Monero in the market today.