MikroTik: 415 thousand routers affected by cryptominer
Cryptomining: the boom is lessening, and gamers can at least buy graphics cards at normal prices again, but virtual currencies are still valuable enough that people want to exploit other users' devices for their personal gain.
Smartphones, PCs, and routers have all been targeted with cryptomining Trojans in the past. One of the affected companies is MikroTik, with its routers. The vulnerability was discovered and patched in summer, but hundreds of thousands of users still appear to be affected by the Trojan.
A little bit of history
In summer it was discovered that MikroTik routers are vulnerable to CVE-2018-14847, a vulnerability that ultimately allowed attackers to install Coinhive, a cryptomining software, on unpatched routers. All routers with firmware up to 6.42 were affected.
MikroTik decided to fix the issue rather quickly and released a patch in August. That means that all firmware versions starting with 6.42.1 are secure. All users have to do is update their routers.
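For anyone looking after more than one router, the version boundary above can be checked across an inventory. The following is an added example, not code from MikroTik or from the researcher quoted below; the function names, the inventory format and the sample hosts are assumptions, and it applies only the boundary stated in this article without distinguishing release channels.

```python
import re

# Boundary taken from the article: firmware up to 6.42 is affected,
# 6.42.1 and later is fixed.
FIRST_FIXED = (6, 42, 1)

# Matches "6.42", "6.42.1", "6.38.5 (stable)", "6.43rc3", "6.44beta20".
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?\s*(rc|beta)?")

def parse_routeros_version(text):
    """Return ((major, minor, patch), is_prerelease), or None if unparseable."""
    m = _VERSION_RE.match(text or "")
    if not m:
        return None
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    return version, m.group(4) is not None

def classify(version_text):
    """Return 'vulnerable', 'patched' or 'review' for one version string."""
    parsed = parse_routeros_version(version_text)
    if parsed is None:
        return "review"  # fail safe: an unknown version needs a manual look
    version, prerelease = parsed
    if version < FIRST_FIXED:
        return "vulnerable"
    # The article's boundary speaks about releases only, so release
    # candidates and betas above it are flagged instead of trusted.
    return "review" if prerelease else "patched"

def audit(inventory):
    """Group hosts by status; inventory is an iterable of (host, version)."""
    report = {"vulnerable": [], "patched": [], "review": []}
    for host, version_text in inventory:
        report[classify(version_text)].append(host)
    return report

# Constructed sample inventory (hosts use a documentation address range).
SAMPLE_INVENTORY = [
    ("192.0.2.1", "6.42"),
    ("192.0.2.2", "6.42.1"),
    ("192.0.2.3", "6.38.5 (stable)"),
    ("192.0.2.4", "6.43rc3"),
    ("192.0.2.5", "6.43.4"),
    ("192.0.2.6", ""),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

Hosts listed under "review" reported a version the script could not parse or a pre-release build, and should be checked by hand.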
415 thousand routers affected
Yet updating is not a strength of users. Everyone already has a hard time with it when it comes to software, and updating a router seems like an insurmountable task. That's probably why, as a security researcher discovered, the number of infected routers has doubled since summer 2018, to 415 thousand affected routers.
Just three different ways to abuse vulnerable Mikrotik routers to try to mine cryptocurrencies. Total combined 415 thousand results. Many more ways active. pic.twitter.com/u01HEr2UQy
— Kira 2.0 (@VriesHd) December 2, 2018
Updating a MikroTik router is not a hard task, yet most people probably do not know how to do it, or that it is even possible. Although RouterOS even has an automatic upgrade feature, one still has to log in and click on upgrade. Considering the average user, it is highly unlikely that most people ever log into the interface after setting the router up.
Update, Update, Update
It is always important to keep your software, drivers, and in this case firmware up to date so that you do not offer cyber criminals an extra gateway onto your device. Also make sure to take care of those open ports. There are tools to help with both tasks, so you basically have no excuse not to stay secure.