More than 200,000 MikroTik routers are infected by CryptoMining malware [360totalsecurity]
The hacker exploits the zero-day vulnerability that MikroTik patched on 23rd April this year. Although MikroTik fixed the vulnerability in one day, thousands of MikroTik routers were not patched in time, giving hackers a good opportunity to launch an attack.
The vulnerability allows hackers to read files via Winbox, and gain authenticated remote administrator access to the MikroTik router. According to the initial investigation, hackers pushed custom error pages containing Coinhive mining scripts through the MikroTik router, instead of running malicious files on the router.
The following analysis was conducted by Simon Kenin, a security researcher at Trustwave SpiderLabs:
First, all the pages returned by the Shodan search engine are Web Proxy error pages. It can be seen that the hacker created a custom error page containing the Coinhive script.