MikroTik routers are attack targets in Brazil; see how to protect yourself

A new hacker attack uses MikroTik's routers to hijack the user's traffic and use the victim's computer to mine the cryptomaned Monero. Details were unveiled on Wednesday (1) by SpiderLabs, research arm of security firm Trustwave. According to the report, the attack reaches more than 170, 000 devices worldwide, most of them in Brazil.

READ: World-wide failure hits PCs and may leave you in danger

The exploit exploits a vulnerability in the manufacturer's home and business Wi-Fi devices. The bug is known to have been released since April, but most users do not have the habit of downloading system updates that bring this kind of protection. Recently, devices from the same manufacturer were targeted by the VPNFilter malware, which exploited another device failure.

Want to buy cell phone, TV and other discount products? Know the Compare

Problems with Wi-Fi and possible solutions

The attack involves a popular public code of CoinHive, known for making web pages hijack the netizen's computer resources to mine coins. This time, however, the method is more sophisticated as it does not reach only specific addresses. Initially, the investigation revealed that Internet error pages are more likely to contain the code. However, infection of many routers has the potential to take the problem to any site.

According to SpiderLabs, affected routers distribute the code directly into traffic to activate the forced mining mechanism. Therefore, known methods to prevent the web process should not work.

Infected routers insert the mining code on the pages to hijack the processing power of the PC and produce the crypto-coins. Interception can occur in two directions: from the home router or from the network infrastructure behind a site. Therefore, the user does not necessarily have to have a Mikrotik router to be affected.

Why hackers use cryptomination?

Hackers have changed their attack strategy: from ransomwares, they started mining crypto-coins. In the first case, the criminal requires a ransom payment to release hijacked files, but the amount may not be paid if the victim has a backup available. By using mining, malicious code can go unnoticed by the user for longer, using computer hardware to mine in secret.

The criminal's intention is to use a computer network to work for him. Thus, coins can be generated without having to spend on electricity or invest in equipment. The consequence for the user is an overheating of the computer and, with this, a more accelerated wear of the device. Monero is the currency most used in this type of coup for further preserving the anonymity of transactions, compared to Bitcoin.

How to protect yourself

If you have a Mikrotik router at home, the most effective way to protect yourself from the cryptomination attack is to upgrade the device's RouterOS software. Here's how:

Step 1. Access the Mikrotik downloads page and download the latest (Current) version of the system to your router. Save the file in an easily accessible location on the computer, such as the desktop;

Download a newer version of the Mikrotik router system

Step 2. Open the Winbox management program, which comes with Mikrotik routers. Enter the IP address of the router and the access password to enter;

Access the Mikrotik router panel via Winbox software

Step 3. Access the "Files" menu and drag the update file into the window. The package download will start automatically;

Insert the update file on the Mikrotik router

Step 4. At the end, go to the "System" menu and click "Reboot". The router will be restarted to install the update.

Restart the Mikrotik router to apply the update

Via SpiderLabs

How to troubleshoot the router? Ask your questions in the Forum