MikroTik mayhem – Cryptomining campaign abusing routers

Since MikroTik issued a patch in April for the later-disclosed CVE-2018-14847, also known as the WinBox vulnerability, hackers have been quick to exploit it in attacks ranging from cryptomining to eavesdropping. From September 19th to October 15th, Avast blocked malicious cryptomining URLs related to infected networks with MikroTik gateways over 22.4M times, blocking them for more than 362,616 users on 292,456 networks in the Avast network alone.

REFERENCES:
https://blog.avast.com/mikrotik-routers-targeted-by-cryptomining-campaign-avast
https://badpackets.net/200000-mikrotik-routers-worldwide-have-been-compromised-to-inject-cryptojacking-malware/
https://twitter.com/vrieshd/status/1040288152592830465?lang=en
https://docs.google.com/spreadsheets/d/1RdT_r4fi4wPx5rY306FftVKaXiAZeQeb5fx78DmbVx0/edit#gid=0