More Than 200,000 Routers Hit by Cryptojacking Attack


Unfortunately, cryptojacking isn’t a new concept; attacks of this type have been happening for a number of years. Cryptojacking is when malware or a hidden script is placed in a hardware device or piece of software, such as a router, pen drive, or plugin. Once this malware or script is triggered, the victim’s device begins using spare CPU or GPU power to mine cryptocurrencies. While this style of attack now only works on cryptos with a lower mining difficulty, such as Monero, it is still a popular attack amongst the crypto underworld. If the attackers can gain enough CPU power, they can mine a considerable amount of Monero before their script is snuffed out and removed.

Mikrotik Vulnerability Abused

Routers made by Mikrotik, a Latvian networking company, had a fatal flaw that let people gain unauthorized admin access to the router and then install anything they wanted on top of the router’s firmware. The flaw was patched in April 2018, but not all users updated their routers. Updating the router is often the last thing most internet users think about, and leaving a router without firmware updates can be dangerous. It is estimated that around 200,000 of the company’s routers had not been updated and thus were compromised in the attack.

Once attackers gained access to the routers, they injected the CoinHive JavaScript into the hardware, meaning that any device that connected to the router would be forced to give up spare CPU power to mine Monero. As the script was installed on the router, completed hashes could be sent back to the attackers, who could then deliver fresh sets of work to the compromised network without raising too much suspicion. This is because almost no malware scanner checks the router. It works similarly to a router-installed VPN, whereby the router handles all the data requests, leaving the PC totally unaware that anything is installed on the router.
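Because the script is added by the router and not by the site, one way to notice it is to compare the page as received behind the router with a reference copy of the same page fetched over a trusted path. The following is an added example, not code from the original article or from any vendor; the function names, the hint list and both sample pages are constructed assumptions, since the article does not show the injected markup.

```javascript
// Added example: find <script> elements that were inserted into a page in transit.
// MINER_HINTS is an assumed, illustrative pattern list, not a complete blocklist.
const MINER_HINTS = [/coinhive/i];

// Collect every <script> element as {src, body}; src is null for inline scripts.
function extractScripts(html) {
  const scripts = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const srcMatch = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(m[1]);
    const src = srcMatch ? (srcMatch[1] ?? srcMatch[2] ?? srcMatch[3]) : null;
    scripts.push({ src, body: m[2].trim() });
  }
  return scripts;
}

// Scripts present in the copy received through the router but absent from the
// reference copy. Every difference is reported; looksLikeMiner only adds a hint.
function injectedScripts(referenceHtml, receivedHtml) {
  const key = (s) => `${s.src ?? ""}\u0000${s.body}`;
  const known = new Set(extractScripts(referenceHtml).map(key));
  return extractScripts(receivedHtml)
    .filter((s) => !known.has(key(s)))
    .map((s) => ({
      ...s,
      looksLikeMiner: MINER_HINTS.some((p) => p.test(s.src ?? "") || p.test(s.body)),
    }));
}

// Constructed sample pages (not captured traffic).
const REFERENCE = `<html><head><script src="/static/app.js"></script></head>
<body><p>hello</p></body></html>`;
const RECEIVED = `<html><head><script src="/static/app.js"></script>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>window.injectedFlag = 1;</script>
</head><body><p>hello</p></body></html>`;

const findings = injectedScripts(REFERENCE, RECEIVED);
console.log(findings);
```

Pages that generate inline scripts per request will show differences unrelated to injection, so the output is a list of leads to review, not a verdict.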

Popular Sites Have Begun Cryptojacking

Back in July, we revealed that The Pirate Bay (TPB) was stealing its users’ CPU power to mine Monero in a similar style to a cryptojacking attack. While TPB didn’t hack into anyone’s router, it did place a similar script into the JavaScript files on its website, meaning any browser that loaded the website and ran the JavaScript files would become a miner in its secret pool. Sites are implementing these mining scripts in JavaScript files because most websites use JavaScript to display the website properly; some use it for lazy loading (infinite scroll) and some just for cool effects. Because of this, most web users allow JavaScript to run automatically when they land on a site, which is the perfect way for cryptojackers to take advantage of your CPU power.

While the cryptojacking script on TPB was purely innocent and designed to help boost revenue, it still poses a threat to unaware users. For example, TPB set the threshold – max CPU power it would steal – to 0.9 (90%). If a user left a tab with TPB open, they would give up to 90% of their total CPU power to TPB to mine Monero. The issue here is that it can cause excessive temperatures on and around the CPU if the user doesn’t have adequate cooling, which in turn shortens the lifespan of components.

Possibly the Future of Advertising

The prominence of ad blockers has left free content sites running scared. The cost of hosting, maintenance, and great content is increasing all the time, and ad blockers are causing revenues to fall. Apart from becoming paid subscription sites, these free-to-use sites are running out of options, and cryptojacking provides a solution. While cryptojacking probably isn’t the correct term for it, in essence it’s exactly the same, just with the user’s permission. Salon.com uses a Monero mining script and gives users the ability to give 30% of their CPU power in return for free content, or they can browse the site without donating CPU power. This could be the solution for many free-to-use sites all around the globe if they wish to remain “free”.

China is still reeling from a two-year-long attack that saw over 1 million computers compromised and nearly $2 million of various cryptos mined illegally. Cryptojacking is proving the most popular form of attack in the crypto world lately, and it will only get worse. Stay tuned to BitStarz News, as later this week we will teach you everything you need to know about keeping yourself safe from cryptojackers.
