The affected routers, manufactured by MikroTik, have been infected with crypto-mining malware that hijacks their CPU capacity.
The attacks, which began in August and at the time affected more than 200 000 routers, are evidently still going strong: the number of victims has doubled in the last 3 months. Initially, the majority of affected hardware was concentrated in Brazil, but the infection has since spread globally. A representative of VriesHD, one of the research organizations, told Hard Fork: “It wouldn’t surprise me if the actual number of all infected routers would be somewhere around 350 000 to 400 000”.
Even though the infection is widespread, there are ways for clients to protect their devices. Security experts such as VriesHD and Bad Packets Report advise everyone whose router has been affected to download the latest firmware version for their device. The patch has been available for quite some time, but not many end clients know how to update the routers manually.
Internet service providers are also partly to blame, as they don’t always take the necessary measures to prevent the malware from spreading. The routers distributed by most ISPs come with limited rights, which makes a manual update even more complicated and blocks clients from protecting themselves.
VriesHD’s representative said: “Unfortunately, it appears tons of ISPs simply won’t take action to mitigate the attacks.” The spread of the malware could be countered, he added, with forced over-the-air updates of the devices.
Professionals point out that the hackers’ interest seems to have shifted from Coinhive, which they used to prefer, to other types of software. Now, CoinImp and Omine are used at least as much as Coinhive, whereas in the previous months the Monero mining software was used for 80-90% of the attacks.