About 200,000 Mikrotik routers are potentially vulnerable to the latest exploit, which hackers developed to install and distribute cryptojacking software that mines Monero.
A team called Bad Packets has been monitoring the spread of infections since the first vulnerability report on August 2, 2018. The vulnerability exists in the administrative part of the Mikrotik code and gives attackers full access to these carrier-class routers, which are used by companies around the world. Hackers have added the Coinhive cryptominer to Mikrotik routers used in countries such as Brazil, India, Indonesia and the United States. The vulnerability is used to inject the Coinhive miner into computers that connect to the Internet through an affected Mikrotik router. Millions of PCs are at risk from this attack. Simon Kenin, security researcher at SpiderLabs, writes:
“Let me emphasize how bad this attack is. The attacker thought wisely: rather than infecting small websites with a few visitors, or finding sophisticated ways to run malware on end-user computers, they would go directly to the source, the carrier-class routers.”
The current CVE-2018-14847 vulnerability is different from the major vulnerability first reported in March 2018. The security issue, which was reported extensively in the media, was called “VPNFilter”. It could allow any attacker to take control of a vulnerable Mikrotik router. Mikrotik fixed this vulnerability in March 2017.
The current vulnerability was barely covered by the press, yet it has profound implications for all affected Mikrotik operators. Because of it, hackers have taken control of more than 200,000 routers and are actively injecting mining malware, packet scanners, etc. Unlike with the VPNFilter flaw, a reboot does not remove the attacker from the router.
Despite the warnings of many security researchers, none of the domains used by the attackers were reported or blocked by the primary providers. As VriesHd said.
To remove the attacker from the router, all affected Mikrotik router operators must perform a clean update of the Mikrotik firmware to the latest version (6.43) and use the latest Winbox Control Panel (3.18).