Skip to main content

415,000 routers worldwide reportedly infected with cryptojacking malware

online Bitcoin courses
Image used with permission by copyright holder

A new report suggests that more than 415,000 routers globally could be affected by a malware that allows hackers to steal the computing power of connected PCs to mine for cryptocurrency in a scheme known as cryptojacking. The number of affected routers has more than doubled since the malware was initially discovered in August. At the time, it was reported that around 200,000 routers were affected.

Even though the malware threat is expanding, it only affects users who use MikroTik routers. “It is worth pointing out that the number of breached devices might be slightly off, since the data reflects IP addresses known to have been infected with cryptojacking scripts,” The Next Web reported. “Still, the total amount of compromised routers is still pretty high.”

Recommended Videos

Most of the initially compromised routers were concentrated in Brazil, but as the infection threat expanded, we’re seeing that routers in North America, South America, Africa, Europe, the Middle East, and Asia have also been affected since August, according to a new threat detection map. MikroTik routers are largely sold to internet service providers and organizations, and the surge in router infections shows that not many organizations had installed the latest router firmware.

By exploiting a security flaw in older versions of the router’s firmware, the attacker was able to inject Coinhive script onto every web page that a user visits. “MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface,” the National Vulnerability Database said of the flaw behind MiktroTik’s firmware. Though Coinhive was initially conceived as legitimate software to allow websites to temporarily borrow a visitor’s hardware to mine for Monero, abuse of the script has led many antivirus software to block Coinhive.

However, the good news is that a patch was made ready within a day of discovery to rid affected routers of the cryptojacking malware. Security experts recommend that users of MikroTik routers download the latest firmware from the company’s website to stay ahead of the malware.

Although the cryptocurrency bubble has burst, leading to an excess of graphics cards that were stockpiled during the height of the crypto boom, cryptojacking remains a serious security threat. In a separate incident last month, Nova Scotia’s St. Francis Xavier University in Canada was forced to shut down its entire network after consultation with cybersecurity experts after it was discovered that a hacker had hacked the university’s system to steal computing resources to mine for Bitcoin.

Fortunately for cryptojacking attacks, personal information on or transmitted across the network is generally not compromised, unlike the Russian-linked Wi-Fi malware story from earlier this year. With cryptojacking, the attackers are mainly interested in the computing power that’s connected to the Wi-Fi network to mine for cryptocurrency.

Chuong Nguyen
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…
Upgrade to the Alienware 18 Area-51 gaming laptop with RTX 5070 Ti — $500 off!
The Alienware 18 Area-51 Gaming Laptop on a white background.

You should be ready to spend a lot if you want a powerful gaming laptop, but you should also be on the lookout for potential savings. Now's a great time to check out Alienware deals because of Dell's Black Friday in July sale, which includes a fantastic offer for the Alienware 18 Area-51 gaming laptop. This configuration with the Nvidia GeForce RTX 5070 Ti graphics card is down from $3,300 to $2,800, which is still expensive, but you wouldn't want to miss this chance at $500 in savings. You have to hurry though, as stocks may run out at any moment!

Buy Now

Read more
Save $100 on our pick for the best printer
HP includes full ink bottles with the Smart Tank 7602.

What do we need to print these days? Tax forms, student essays, and clearly-legible letters? Not so much. Bright invites, pictures, and presentation accompaniments? Yes, yes, and yes! In today's world, the typical person's needs in an inkjet printer are far different than the last time you were likely to have bought a printer. And the industry is catching up. Right now, our pick for the overall best printer of 2025 is $100 off as part of early Prime Day deals. That makes the $450 printer just $350 if you buy now. Plus, it comes with two years of HP's ink included. So, tap the button below to go check out the HP Smart Tank 7602 for yourself or keep reading to see what we like about it and what we found out during our review.

BUY NOW

Read more
Apple’s work-from-home powerhouse is 24% off… and about to go extinct
The MacBook Air on a table in front of a window.

Hard-hitting MacBook deals are rare. People love their products and will happily buy them at full price, so sales aren't as incentivized as with other products. So, when we see a $400 savings on the most powerful version (the 24GB of RAM one) of the MacBook Air M3, dropping its price from $1,699 to $1,299, we love it. And that's exactly what's happening as part of this early Prime Day deal and one of the most exciting laptop deals in recent dates. Tap the button below to see it for yourself, or keep reading to get all of the details about the MacBook Air M3, what we discovered when we used it ourself, and why this deal may be the last of its kind.

BUY NOW

Read more