
The crypto-jacking epidemic continues, 280K infected routers detected to date

Thousands more routers have been found to be running CoinHive unawares

The blockchain space has been under siege by a massive crypto-jacking campaign. It’s designed to surreptitiously steal your computing power to mine cryptocurrency – and the attackers are showing no signs of slowing down.

Just in the past couple of days, researchers have found an additional 3,700 routers to be running malicious cryptocurrency software in secret. As it stands, the total number of compromised devices detected exceeds 280,000 – an increase of 80,000 in just over 30 days.

The attack first made headlines at the start of August, when hackers compromised more than 200,000 routers across Brazil. Attackers managed to pull off a “zero-day style” attack on MikroTik routers by exploiting previously undiscovered vulnerabilities.

Routers have been injected with a modified version of CoinHive, a small piece of code that enables simple browsers to mine Monero. So widespread is CoinHive that recent research indicates that over $250,000 is generated by its associated cryptocurrency botnet every month.

As such, now is a perfect time to check if you have a MikroTik router. If you do, immediately update it with an official patch from the manufacturer.

For what it’s worth, crypto-jacking isn’t the only active threat currently making the rounds.

A dangerous Trojan horse virus, known as Android Banker, is currently spreading across the internet. It was first discovered in January and specifically targets nearly 200 banking apps. If you are affected, all usernames and passwords should be considered compromised.

Android Banker has the power to bypass two-factor authentication systems to steal usernames and passwords. Popular cryptocurrency services under threat include Bitfinex and Blockfolio.

The threat is so high that security researcher Lukas Stefanko re-issued his warning in an attempt to spread the word. In a note to Hard Fork, Stefanko highlighted that “targeted financial or cryptocurrency services could be dynamically changed and customized to the particular victim,” making this a very dangerous threat, indeed.

As Android Banker is primarily distributed via fake versions of Adobe Flash Player, protecting yourself is relatively simple: ensure that apps from unknown sources are blocked and can never be run.

If all this talk of Trojan horses and malware has you feeling a little exposed, here is a handy resource that details the most effective ways of curbing the threat of phishing and other unwanted digital nasties.

Published September 10, 2018 — 16:12 UTC