<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>coinhive Archives - Linux Windows and android Tutorials</title>
	<atom:link href="https://www.osradar.com/tag/coinhive/feed/" rel="self" type="application/rss+xml" />
	<link>https://www.osradar.com</link>
	<description>tutorials and news and Security</description>
	<lastBuildDate>Thu, 02 Aug 2018 14:59:06 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=5.8.12</generator>
	<item>
		<title>Cryptojacking Campaign Infected 170,000 MikroTik Routers</title>
		<link>https://www.osradar.com/cryptojacking-campaign-infected-170000-mikrotik-routers/</link>
					<comments>https://www.osradar.com/cryptojacking-campaign-infected-170000-mikrotik-routers/#respond</comments>
		
		<dc:creator><![CDATA[osradar_editor]]></dc:creator>
		<pubDate>Thu, 02 Aug 2018 14:59:06 +0000</pubDate>
				<category><![CDATA[Featured]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[coinhive]]></category>
		<category><![CDATA[coinhive script]]></category>
		<category><![CDATA[cryptocurrency]]></category>
		<category><![CDATA[cryptojacking]]></category>
		<category><![CDATA[mikrotik]]></category>
		<category><![CDATA[mikrotik routers]]></category>
		<category><![CDATA[mikrotik vulnerability]]></category>
		<guid isPermaLink="false">https://www.osradar.com/?p=5104</guid>

					<description><![CDATA[<p>Cryptocurrencies have to be mined before they’re added to the system. To that end, a number of people invest in a large amount of hardware and mine for themselves. Hackers are also in need of money, so they also choose mining as a great source of income. Unfortunately, in most cases, [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://www.osradar.com/cryptojacking-campaign-infected-170000-mikrotik-routers/">Cryptojacking Campaign Infected 170,000 MikroTik Routers</a> appeared first on <a rel="nofollow" href="https://www.osradar.com">Linux  Windows and android  Tutorials</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Cryptocurrencies have to be mined before they’re added to the system. To that end, a number of people invest in a large amount of hardware and mine for themselves. Hackers are also in need of money, so they also choose mining as a great source of income.</p>
<p>Unfortunately, in most cases, the hackers use other people’s hardware to make money for themselves. Recently, security researchers discovered a massive cryptojacking campaign that targets and infects MikroTik routers with a copy of the Coinhive in-browser mining script. The Coinhive mining script is one of the most popular in-browser mining scripts of all time.</p>
<p>The campaign appears to have started this week and, in its first stage, was mainly active in Brazil. It then went on to infect MikroTik routers all over the world.</p>
<p>A Brazilian researcher (<a href="https://twitter.com/malwarehunterbr?lang=en">@MalwareHunterBR</a>) identified the attacks first. The attack kept growing, infecting more and more routers, and got the attention of Simon Kenin, a security researcher from Trustwave’s SpiderLabs division.</p>
<blockquote class="twitter-tweet" data-lang="en">
<p dir="ltr" lang="en">another mass exploitation against <a href="https://twitter.com/mikrotik_com?ref_src=twsrc%5Etfw">@mikrotik_com</a> devices (<a href="https://t.co/4MxQbnNStA">https://t.co/4MxQbnNStA</a>)<br />
hxxp://170.79.26.28/<br />
CoinHive.Anonymous(&#8216;hsFAjjijTyibpVjCmfJzlfWH3hFqWVT3&#8217;, <a href="https://twitter.com/hashtag/coinhive?src=hash&amp;ref_src=twsrc%5Etfw">#coinhive</a> <a href="https://t.co/Nr8MA0TbzY">pic.twitter.com/Nr8MA0TbzY</a></p>
<p>— MalwareHunterBR (@MalwareHunterBR) <a href="https://twitter.com/MalwareHunterBR/status/1023893755974352896?ref_src=twsrc%5Etfw">July 30, 2018</a></p></blockquote>
<h1>Number of infected routers</h1>
<p><img loading="lazy" class="wp-image-5107 aligncenter" src="https://www.osradar.com/wp-content/uploads/2018/08/200000.gif" alt="" width="621" height="242" /></p>
<p>In a <a href="https://www.trustwave.com/Resources/SpiderLabs-Blog/Mass-MikroTik-Router-Infection-%E2%80%93-First-we-cryptojack-Brazil,-then-we-take-the-World-/">report from Trustwave</a>, Kenin mentioned that the hacker(s) behind the campaign successfully compromised at least 72,000 MikroTik routers in the first stage of the attack in Brazil.</p>
<p>In the second stage, the campaign infected more routers and the total number rose to 170,000.</p>
<p><em><strong>Update</strong></em>: A new campaign of a similar type, using a different Coinhive key, is ongoing. It is not clear whether the attacker is the same or a different one. In total, about 200,000 routers are infected.</p>
<h1>Infection method</h1>
<p><img loading="lazy" class="size-full wp-image-5106 aligncenter" src="https://www.osradar.com/wp-content/uploads/2018/08/router-infected.png" alt="" width="768" height="768" srcset="https://www.osradar.com/wp-content/uploads/2018/08/router-infected.png 768w, https://www.osradar.com/wp-content/uploads/2018/08/router-infected-150x150.png 150w, https://www.osradar.com/wp-content/uploads/2018/08/router-infected-300x300.png 300w, https://www.osradar.com/wp-content/uploads/2018/08/router-infected-696x696.png 696w, https://www.osradar.com/wp-content/uploads/2018/08/router-infected-420x420.png 420w" sizes="(max-width: 768px) 100vw, 768px" /></p>
<p>Kenin also said that the hacker(s) took advantage of a zero-day vulnerability in the Winbox component of MikroTik routers. This vulnerability was first discovered back in April this year and MikroTik fixed the problem within 24 hours. However, this doesn’t mean that all the owners of the routers took the necessary steps to apply the required patch.</p>
<p>The zero-day was dissected by a number of security researchers, and public proof-of-concept code is available on GitHub. Check out proof-of-concept <a href="https://github.com/mrmtwoj/0day-mikrotik">1</a> and <a href="https://github.com/BasuCert/WinboxPoC">2</a>.</p>
<p>According to Kenin, the attacker(s) took advantage of the public code to alter traffic passing through the router and inject a copy of the Coinhive library into all the pages that passed through the router.</p>
<p>According to the information found about the attack, there is only one threat actor. All the scripts shared the same Coinhive key.</p>
<h1>Other users infected</h1>
<p>Kenin says that he was able to identify cases where some non-MikroTik users were also impacted. This happened because some Brazilian ISPs were using MikroTik routers for their main network, so the attacker(s) successfully injected the malicious Coinhive mining script into a massive amount of web traffic.</p>
<p>The attacker is also smart enough to reduce the surface of the attack. If users had a lot of trouble visiting sites, both the ISPs and the users would investigate what was going on. Recently, the attacker(s) switched tactics and now inject the script only into error pages returned by routers.</p>
<p>This is not as much of a setback for the attacker as it seems. Kenin said that in recent days, he noticed the attack spreading all over the world and infecting nearly 170,000 MikroTik routers.</p>
<p>Thus, even if the attack surface is limited to error pages, there are potentially millions of pages a day for the attacker.</p>
<h1>How to stay safe</h1>
<p>If you own a MikroTik router, you must <a href="https://wiki.mikrotik.com/wiki/Manual:Upgrading">upgrade your router’s firmware</a>. Don’t forget to apply all the available patches as well.</p>
<p>It’s also recommended to reset the router to its system defaults beforehand, so that any malicious code that may be present in the system is removed.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.osradar.com/cryptojacking-campaign-infected-170000-mikrotik-routers/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>How to Stop Hackers from Mining Cryptocurrency on Your PC</title>
		<link>https://www.osradar.com/stop-hackers-mining-cryptocurrency-pc/</link>
					<comments>https://www.osradar.com/stop-hackers-mining-cryptocurrency-pc/#respond</comments>
		
		<dc:creator><![CDATA[Mel K]]></dc:creator>
		<pubDate>Sat, 03 Feb 2018 05:45:04 +0000</pubDate>
				<category><![CDATA[Featured]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[coinhive]]></category>
		<category><![CDATA[cryptocurrency]]></category>
		<category><![CDATA[miner]]></category>
		<category><![CDATA[zealot]]></category>
		<guid isPermaLink="false">https://www.osradar.com/?p=1709</guid>

					<description><![CDATA[<p>Cryptocurrency is a critical system of currency that works completely digitally. The system is open-source and available to all, but also provides anonymity very easily. Recently, cryptocurrency miners have been loaded into web browsers, where they use your CPU power to mine different cryptocurrencies. What is cryptocurrency mining Before you understand how serious this issue is, [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://www.osradar.com/stop-hackers-mining-cryptocurrency-pc/">How to Stop Hackers from Mining Cryptocurrency on Your PC</a> appeared first on <a rel="nofollow" href="https://www.osradar.com">Linux  Windows and android  Tutorials</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Cryptocurrency is a critical system of currency that works completely digitally. The system is open-source and available to all, but also provides anonymity very easily. Recently, cryptocurrency miners have been loaded into web browsers, where they use your CPU power to mine different cryptocurrencies.</p>
<h3>What is cryptocurrency mining</h3>
<p>Before you can understand how serious this issue is, you have to know how cryptocurrency works. Let’s start with Bitcoin, the most popular cryptocurrency of all. The total possible number of Bitcoins is 21 million – nothing more. But not all the coins exist yet – they have to be mined by solving different math puzzles with the help of computers. This method requires huge hardware resources to calculate and solve all the puzzles. The solver gets Bitcoin as a reward. Mining requires an algorithm and a computer to run the algorithm.</p>
<p>Websites now use your web browser to run that algorithm and your hardware to do the heavy work. This process is called “cryptojacking”. Many websites are using this method to earn some extra money. The perfect example is CoinHive. It uses a JavaScript tool to mine in your browser.</p>
<h3>Cryptojacking</h3>
<p>Why is cryptojacking bad? Well, it’s a controversial topic. Some think it’s okay, some think it’s bad. However, it’s a bad practice overall. Normally, cryptocurrency mining methods are HEAVILY resource-hungry. Mining forces your processor to work under overload and use more power. This overload is dangerous for hardware like the CPU – the more work, the more heat is generated, which gradually leads to permanent damage. Moreover, while you browse the website, your other tasks will become very slow because your CPU is busy mining.</p>
<p>Various websites use such mining tools. For example, The Pirate Bay (caution – it’s a torrent website with illegal content) integrated the CoinHive JavaScript to run in the web browsers of its visitors. They claim that it’s their alternative method to earn some extra money instead of showing annoying ads. It’s the first popular website that took this measure.</p>
<p>Why would you burn out your PC? There’s no need for such an overload on your computer. Cryptocurrency mining is so resource-hungry that there is a wide range of hardware available that is specially designed for mining. A PC is never a suitable solution for mining.</p>
<h3>How to stay secure</h3>
<p>CoinHive is by far the most popular miner that websites use. However, other mining tools are always circulating on websites. You can use several methods to block such heinous tools.</p>
<ul>
<li><strong>Install Adblock</strong> – It’s one of the most popular extensions for all the browsers. There’s a default cryptocurrency blocking method available. The extension is available for Chrome, Firefox, Opera, Safari, and Edge. <a href="https://getadblock.com/">Get Adblock</a>.</li>
<li><strong>Use a security solution</strong> – Security vendors are always checking the web for cyber issues. By default, security software will block the mining tool from the web. CoinHive successfully fooled a few security products, but all the companies are always evolving to defend against the latest threats. Check out the <a href="https://www.osradar.com/best-antivirus-software-2018/">top 10 security solutions</a>.</li>
<li><strong>Block CoinHive</strong> – CoinHive is the most popular tool of this kind. The file that it uses can be blocked using custom filters. Block “coin-hive.com/lib/coinhive.min.js” <a href="https://adblockplus.org/en/filters#basic">using Adblock Plus</a>.</li>
</ul>
<h3>The bottom line</h3>
<p>Fortunately, the tool doesn’t steal sensitive info. Recently, other malicious mining tools have been affecting PCs. Zealot is one of them. Learn more about <a href="https://www.osradar.com/zealot-new-spooky-cryptocurrency-miner/">how to stay protected from Zealot</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.osradar.com/stop-hackers-mining-cryptocurrency-pc/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
	</channel>
</rss>
