Coinhive malware infects tens of thousands of MikroTik routers
August 06, 2018 / Michael Heller
The Coinhive cryptominer malware has infected tens of thousands of MikroTik routers around the world, as malicious actors take advantage of poor patching habits by users.

Poor patching practices by vendors and users are once again coming back to bite users around the world, as a researcher discovered a cryptominer being spread to unpatched MikroTik routers. The Coinhive malware was first found spreading through routers in Brazil.

Simon Kenin, security researcher for Trustwave, based in Chicago, discovered the Coinhive malware infection originating from Brazil and at first assumed it was a more common website compromise attack used to inject the cryptomining code. But more digging revealed the infection was spreading through MikroTik routers. Kenin said malicious actors were exploiting a vulnerability in the routers that MikroTik had patched in April -- just one day after the flaw was first discovered.