According to a report, almost 30,000 MikroTik routers have been injected with CoinHive crypto mining scripts in the past few days. In August, more than 200,000 routers from the same company were hit with a nearly identical crypto mining script in South America. There is a good chance the hackers who are running this new wave of crypto mining script injections are part of the same group that hit South America.
There was a flaw in the router’s firmware that allowed hackers to inject this mining script, but the manufacturer had patched it three months prior to the South American attack. This means that nearly a quarter of a million routers so far have been hit due to the same bug and there could be more out there.
India Becoming a Major Target
India has become a popular target for cryptojackers due to the lax security measures in place on many websites. A number of government sites in the country have been hijacked this year and had mining scripts injected into them, mining millions of Rupees worth of cryptos. In addition to hackers targeting government websites, they are also going after internet service providers.
According to one security enthusiast from Mumbai, a new router he got from his internet service provider (ISP) was already infected with CoinHive mining scripts. This is a worrying prospect, as not many people have the technical skills to detect router-based mining scripts, so if ISPs are sending out infected routers then we could see the Monero mining difficulty suddenly start to increase.
I found the same thing in the router provided by my ISP a couple of days ago. Probably all the routers used by them are infected and outdated.
— Vipin Bathaw (@vipin_bathaw) October 5, 2018
CoinHive Code is Popular
CoinHive is a perfectly legitimate crypto mining script, which website owners can place on a site so that visitors' browsers mine cryptos while they browse. This means that free content websites have a new method of earning money. In return, visitors don’t get bombarded with a myriad of adverts and pop-ups – leading to a better web experience. However, hackers have taken this code and mutated it to become a weapon. Hackers gain access to websites or servers and inject the code, leaving the site owners none the wiser. CoinHive gives hackers a shorter time to market than some of the other scripts out there, which is why it’s so popular.
If you’re going to mine cryptos, it’s best to mine them for yourself and not for a hacker. There are a few steps you can take to stay safe, but the easiest way is to keep everything updated. So far, no ISPs are known to be actively placing crypto mining scripts in routers, so you can trust any updates they roll out for your router – just make sure you install them as soon as possible. In addition to keeping your hardware up to date, you can install an ad blocker or script blocker to help protect yourself from any infected sites. If you want to learn more about how to stay safe from cryptojackers, we put together a detailed guide that you might find useful.
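One way to check a connection for router-injected mining scripts is to compare a page fetched through the router with a copy of the same page fetched over a trusted network. The following is an added example, not code from the report or from CoinHive; it assumes the router adds the script to HTTP pages in transit, and the hostnames, constructor names and sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed indicators (not taken from the article): hostnames and constructor
# names used by the public CoinHive JavaScript library.
MINER_HOSTS = ("coinhive.com", "coin-hive.com", "authedmine.com")
MINER_CALL = re.compile(r"\bCoinHive\.(Anonymous|User)\s*\(")

class MinerScriptFinder(HTMLParser):
    """Collect <script> elements that load or start a CoinHive miner."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self._in_script = True
        src = dict(attrs).get("src") or ""
        host = (urlparse(src).hostname or "").lower()
        # Match the listed domains and any of their subdomains.
        if any(host == h or host.endswith("." + h) for h in MINER_HOSTS):
            self.findings.append(("src", src))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            for m in MINER_CALL.finditer(data):
                self.findings.append(("inline", "CoinHive." + m.group(1)))

def scan_html(html):
    finder = MinerScriptFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

def injected_in_transit(reference_html, observed_html):
    """Findings in the copy fetched through the router but not in the trusted copy."""
    trusted = set(scan_html(reference_html))
    return [f for f in scan_html(observed_html) if f not in trusted]

# Constructed sample pages; the site key is a placeholder.
REFERENCE = "<html><head><script src='/js/app.js'></script></head><body>news</body></html>"
OBSERVED = REFERENCE.replace("</head>",
    "<script src='https://coinhive.com/lib/coinhive.min.js'></script>"
    "<script>new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER').start();</script></head>")
```

A miner that appears only in the copy fetched through the router points at the router or the ISP path rather than at the website itself.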
Cryptojacking is becoming more commonplace around the globe, and it’s becoming harder to defend against as hackers become more ruthless. While it’s inevitable that you will be a victim of cryptojacking at some point – whether through a hardware infection or visiting an infected website – there are steps you can take to minimize your risks. Stay safe out there and only mine cryptos for yourself.