Researchers claim that 400,000+ MikroTik routers are infected

The MikroTik mining virus was first discovered in August in Brazil, but has since continued to spread throughout the world.

According to a December 2 tweet from Vried HD, malware that targets MikroTik routers may be present on more than 415,000 routers worldwide. 

More than 170,000 routers in Brazil have been infected with a mining virus, according to research firm Ban Packets LCC. Security expert Simon Kenin from Trustwave described the attack as follows:

The attackers decided that it was much more profitable to infect end-user computers rather than small sites with a small number of visitors.

According to Bad Packets, the epidemic continues to spread - by August 25, about 3,000 more MikroTik routers connected to the American provider Cogent were infected. A month later, more than 600 routers belonging to Douglas County utilities were infected with the virus. Increasingly, attackers are using MinerAlt software, which is used to mine Monero. 

And although malware creators continue to develop their product, there is at least one method by which Internet providers, users and MikroTik owners can protect themselves. This is a patch released back in April. The MirkoTik patch, aimed at eliminating the “zero-day vulnerability,” was released shortly after users in the Czech Republic noticed hacker activity aimed at the Winbox service, which is built into all MikroTik routers. 

Despite this, even after numerous warnings about the need to update routers - from MikroTik and security researchers - there are still a huge number of devices infected with this virus. 

A researcher from Vries HD told Hard Fork:

Users urgently need to update their routers, but most of them buy routers from Internet providers, whose employees often do not know how to set it up. A patch to resolve this issue was released several months ago, but unfortunately many providers are simply unwilling to take any action to fix the problem.

According to www.ethnews.com