In what will come as a shock to Indians, research has found that nearly 30,000 MikroTik routers in India have allegedly been infected with Coinhive, a malware program used to mine the privacy-oriented coin Monero.
The study was global and examined the prevalence of this problem in countries such as Brazil, India, Indonesia, the United States of America and Iran, among others. From what we understand, this is a single cryptojacking campaign. However, no company seems to have raised a red flag over this.
Last month, we reported on research that said Indian government websites are the ideal nesting grounds for bad actors planting Coinhive to mine Monero. At the time, a researcher from the team had said, “Hackers target government websites for mining cryptocurrency because those websites get high traffic and mostly people trust them. Earlier, we saw a lot of government websites getting defaced (hacked). Now, injecting cryptojackers is more fashionable as the hacker can make money.”
The research was posted, in part, by a Reddit user ban breach, who said, “We have been tracking the development of this infection in India for the last month. The number of infections has doubled, and continues unabated. Tier 3 cities are the most infected with 45% of the infected routers. Mumbai and Delhi/New Delhi lead the pack with 4384 and 2124 infected routers.”
The post on Reddit added that major telecom networks such as BSNL, Reliance Communications and Hathway are allegedly the worst hit. Other networks such as Vodafone and Airtel have nearly 200 infected routers.
Additionally, the original report stated that the routers were being compromised by miscreants exploiting CVE-2018-14847, a critical vulnerability that affects all versions of RouterOS through 6.42. MikroTik issued a patch earlier this year; however, the latest statistics (above) reveal that device owners and network operators have chosen not to apply it.
We reached out to Troy Mursch, the author of the research, for answers. We’ll update the article if and when he responds.