MikroTik Routers Compromised in Coinhive Cryptojacking Campaign

Security researchers have recently uncovered a massive cryptojacking campaign that relies on compromised MikroTik routers. It targets these routers to conduct cryptocurrency mining by changing its configuration. It injects a copy of the Coinhive in-browser cryptocurrency mining script into every web page that a user visited.

The campaign has taken off the ground this week and was in its initial stages. It mainly focused on compromising devices located in Brazil but later began targeting MikroTik routers in other geo-locations all over the world. In total, 210,000 MikroTik routers have been compromised.

MikroTik routers compromised


The hack exploits a security flaw in Winbox, a remote management service bundled in MikroTik routers’ operating system, RouterOS.  This flaw was was reportedly discovered early this year (April 2018) but accordingly patched the next day.

If you own a MikroTik router, it is advised that you should install the the latest MikroTik firmware as soon as possible. Also, as an added precaution, security mechanisms such as firewalls should always be enabled.