
415,000 routers worldwide reportedly infected with cryptojacking malware

A new report suggests that more than 415,000 routers globally could be affected by malware that allows hackers to steal the computing power of connected PCs to mine for cryptocurrency, a scheme known as cryptojacking. The number of affected routers has more than doubled since the malware was initially discovered in August. At the time, it was reported that around 200,000 routers were affected.

Even though the malware threat is expanding, it only affects users who use MikroTik routers. “It is worth pointing out that the number of breached devices might be slightly off, since the data reflects IP addresses known to have been infected with cryptojacking scripts,” The Next Web reported. “Still, the total amount of compromised routers is still pretty high.”

Most of the initially compromised routers were concentrated in Brazil, but as the infection threat expanded, we’re seeing that routers in North America, South America, Africa, Europe, the Middle East, and Asia have also been affected since August, according to a new threat detection map. MikroTik routers are largely sold to internet service providers and organizations, and the surge in router infections shows that not many organizations had installed the latest router firmware.

By exploiting a security flaw in older versions of the router’s firmware, the attacker was able to inject the Coinhive script into every web page that a user visits. “MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface,” the National Vulnerability Database said of the flaw in MikroTik’s firmware. Though Coinhive was initially conceived as legitimate software to allow websites to temporarily borrow a visitor’s hardware to mine for Monero, abuse of the script has led many antivirus products to block Coinhive.

However, the good news is that a patch was made ready within a day of discovery to rid affected routers of the cryptojacking malware. Security experts recommend that users of MikroTik routers download the latest firmware from the company’s website to stay ahead of the malware.

Although the cryptocurrency bubble has burst, leading to an excess of graphics cards that were stockpiled during the height of the crypto boom, cryptojacking remains a serious security threat. In a separate incident last month, Nova Scotia’s St. Francis Xavier University in Canada was forced to shut down its entire network, after consultation with cybersecurity experts, when it was discovered that a hacker had broken into the university’s system to steal computing resources to mine for Bitcoin.

Fortunately, in cryptojacking attacks, personal information on or transmitted across the network is generally not compromised, unlike the Russian-linked Wi-Fi malware story from earlier this year. With cryptojacking, the attackers are mainly interested in using the computing power that’s connected to the Wi-Fi network to mine for cryptocurrency.

Chuong Nguyen