Trustwave Finds Coinhive Monero Mining Malware Hijacking 200,000 MikroTik Routers in Brazil
200,000 Investors Become Victims of Massive Malware Attack in Brazil
Malicious software was found on a group of Monero mining systems on August 3rd. The affected systems, located in Brazil, and the malicious software on them were found by Simon Kenin, a Trustwave researcher. He noticed that MikroTik routers were being used for the attack, which impacted 200,000 routers that were put to work mining Monero.
These cyber delinquents developed a program that runs in the background while infiltrating the entire system with malicious code. The most powerful attack against a Monero system is through its CPUs and a mining script called Coinhive. The script runs globally, which makes it even easier to hack.
According to Forbes, the router holds a microchip that closely resembles the ones used in handheld devices. Even though the microchip is not exactly well protected or powerful, it is able to do more than just connect to the internet. In general, users' accounts are still relatively safe with mining malware, since the attackers are not looking to steal a user’s assets. Instead, it does not do a lot of damage to the infiltrated devices and can cause slow performance speeds.
The company had already set up a patch for this threat in April, issued by the creator of the routers. Unfortunately, many of the owners of these routers either did not install the update or were not told about it.
Kenin said, after the analysis, “Let me emphasize how bad this attack is, there are hundreds of thousands of these devices around the globe, in use by ISPs and different organizations and businesses, each device serves at least tens, if not hundreds, of users daily.”
He goes on to discuss the trend of mining, which now includes scripts such as Coinhive for Monero.
To add to this sentiment, Kenin said, “Miners, on the other hand, can be a lot more stealthy, so while a single computer would yield more money from ransomware if the user ends up paying, an attacker would prefer to run a stealthy miner for a longer period of time. The plan being that at some point the mining would be as profitable as, if not more than, the one-time ransom payout.”