Unpatched MikroTik Routers
News | 09/14/2018

MikroTik Routers vulnerable to cryptocurrency mining campaigns

About: More than 3700 MikroTik routers vulnerable to the exploit code for CVE-2018-14847 are mining for cryptocurrency at the moment. The campaign started in Brazil and is known to rapidly extend to other countries. This massive crypto jacking campaign, tar...  Read More  

| News | MikroTik Routers vulnerable to cryptocurrency mining campaigns

Over 3,700 Unpatched MikroTik Routers Abused In CryptoJacking Campaigns


The vulnerability CVE-2018-14847 in MikroTik RouterOS has become eye-candy for cyber maniacs. The ease of exploitation of this vulnerability has resulted in massive abuse of these routers and their network resources in cryptomining. The threat actors exploit the known vulnerability in MikroTik Routers by executing a malicious script to gain administrator privilege on the router.MikroTik Routers configuration

Mikrotik was founded in Latvia in 1995. The brand particularly focuses on designing wireless devices and routers.

With the help of a congruent and hidden script, cyber hackers were able to misuse the network resources and bandwidth of MikroTik Router in mining CoinHive Cryptocurrency.

CoinHive is a JavaScript cryptocurrency miner for the Monero Block-chain. CoinHive in-browser cryptocurrency mining script thst can be embedded in a browser easily. That is why this cryptocurrency mining script is popular among threat actors.

This campaign was mainly active in Brazil and is known to have compromised around 72,000 MikroTik Routers there and a total of 2, 00,000 devices overall.

Unpatched MikroTik Routers Susceptible to crypto mining attacks


Soon after the discovery of the vulnerability the router manufacturers released a patch of the security bug in April. Reckless attitude of the users in installing the updated version of the Router has enabled threat actors to leverage the same security bug to launch other crypto mining attacks.Unpatched MikroTik Routers

Recent research revealed that in the latest crypto-jacking campaign, manipulators stealthily implant a mining script in the unpatched devices. The injected malware infects the unsuspecting devices and utilizes up to 80% of their CPU for mining cryptocurrency. The remaining 20% is left free for other tasks of the users. This helps in maintaining the disguise.

In order to keep the victims in the dark, manipulators keep updating their scripts and seem to add more cleanup commands to reduce the risk of being detected.

The survey depicts that 3,734 MikroTik devices have been compromised so far. The number is however unsteady and is known to be growing at a fast pace.

The persistent efforts of the attackers to devise new tactics to invade MikroTik Routers depicts their high level of interest in learning the working of this router brand and leverage this knowledge to exploit it.

Hits: 365

Leave a Reply

Your email address will not be published. Required fields are marked *

Did you find the article informative? Yes NO

Get Regular Updates Related to All the Threats

Want to stay informed about the latest threats & malware? Sign up for our newsletter & learn how to get rid of all types of threats from your computer.

Virus Removal Guidelines
Plot No 319, Nandpuri- B Pratap Nagar
Rajasthan 302033
Phone: +91 9799661866