Report: Over 415,000 Routers Worldwide Infected with Crypto Mining Malware

Researchers have discovered that over 415,000 routers are infected with malware designed to steal computing power in order to mine cryptocurrency. The routers are located around the world. The attack predominantly affects MikroTik routers in Brazil, where in August it was found that 200,000 routers were infected. Since August, the number of infected routers has more than doubled in this worrying attack that is still underway. These newer instances of infected routers are found outside of Brazil, suggesting the attackers are widening their targeting further afield.

Another interesting finding from security researchers is that the preference in mining software may be changing. CoinHive is usually the main choice for mining, and this is true in 80-90% of the attacks; however, Omine is also being used. The reason for the variation is unclear.

People or businesses with MikroTik devices are encouraged to update their routers to the latest software in order to avoid becoming victims. If the scale of the problem continues to rise, it’s likely that Internet Service Providers in Brazil will force over-the-air updates to the routers to protect users from having their computing power stolen.

Security researcher VriesHD states: “The patch for this specific problem has been out for months and I’ve seen ISPs with thousands of infections disappear from the list.” However, some internet service providers are not taking action, causing many people to be vulnerable to having their computing power stolen.

Until internet service providers take the jump to force the update, we may see this problem continue for a while. For a lot of people, their router is provided by their internet service provider and they know little about how it works. It’s fair to say a lot of people wouldn’t know where to begin with updating their router, and it may be beyond the scope of a lot of internet users. Those users will continue to be vulnerable until the internet service providers step in and fix the issue.

With the attack becoming more global, this problem may intensify. Internet service providers have different policies and ways of operating around the world, meaning users in some countries may be disproportionately affected. It is also very possible that many people do not know they are victims of this attack and will continue as normal, unconcerned when they receive notices from providers that they don’t think apply to them.