New software that mines Monero (XMR) without the user’s permission has infected many devices in Brazil, according to Simon Kenin, a cybersecurity researcher at Chicago-based Trustwave who discovered and analyzed the threat. The malicious miner uses the popular CoinHive script and a vulnerability in MikroTik routers.
Unlike other viruses, this one targets routers instead of individual PCs, Kenin wrote. MikroTik, the company whose devices were targeted, patched the hole within a day of its discovery on April 23. However, many users have not updated to the latest version of the firmware, and their routers were targeted. It is hard to say how many routers are now vulnerable, but estimates go over 170,000 or even 200,000.
“[T]here are hundreds of thousands of these devices around the globe, in use by ISPs and different organizations and businesses, each device serves at least tens, if not hundreds, of users daily,” Kenin noted.
The threat has the potential to reach a global scale if users do not update.
This is yet another case of malware discovered by analysts since the beginning of August. Last week, research on ZombieBoy showed an example of a slightly different approach: targeting servers and using a different mining solution.
Kenin has also criticised the new malware’s operators for being a bit too careless with their broad approach. By contrast, the people behind SamSam were far more sophisticated and had a very deliberate way of choosing their targets.