The vulnerability CVE-2018-14847 in MikroTik RouterOS has become a favorite target for attackers. Its ease of exploitation has resulted in massive abuse of these routers and their network resources for cryptomining. Threat actors exploit the known vulnerability in MikroTik routers by executing a malicious script to gain administrator privileges on the router.
MikroTik was founded in Latvia in 1995. The brand focuses particularly on designing wireless devices and routers.
With the help of a hidden script, attackers were able to misuse the network resources and bandwidth of MikroTik routers to mine cryptocurrency with CoinHive.
CoinHive is a JavaScript cryptocurrency miner for the Monero blockchain. It is an in-browser cryptocurrency mining script that can be embedded in a browser easily, which is why it is popular among threat actors.
This campaign was mainly active in Brazil and is known to have compromised around 72,000 MikroTik routers there and a total of 200,000 devices overall.
Soon after the discovery of the vulnerability, the router manufacturer released a patch for the security bug in April. Users' reckless attitude toward installing the updated version of the router software has enabled threat actors to leverage the same security bug to launch other cryptomining attacks.
Recent research revealed that in the latest cryptojacking campaign, attackers stealthily implant a mining script in unpatched devices. The injected malware infects the unsuspecting devices and utilizes up to 80% of their CPU for mining cryptocurrency. The remaining 20% is left free for the users' other tasks, which helps maintain the disguise.
To keep the victims in the dark, the attackers keep updating their scripts and seem to be adding more cleanup commands to reduce the risk of being detected.
The survey shows that 3,734 MikroTik devices have been compromised so far. The number, however, is not stable and is known to be growing at a fast pace.
The attackers' persistent efforts to devise new tactics for invading MikroTik routers show their high level of interest in learning how this router brand works and in leveraging that knowledge to exploit it.