Fraudsters carried out a sophisticated stealth mining attack, infecting hundreds of thousands of MikroTik routers across Brazil. The goal of the attack is to create a massive XMR mining bot platform.
Criminals were able to infect devices with malicious code that secretly runs the CoinHive service in the background. CoinHive is a cryptocurrency mining service that uses a computer's processing power, through any browser that loads a website with the embedded code, to mine the Monero coin (XMR). This scheme is often used for charity purposes or as an alternative to viewing advertising, but, unfortunately, not this time. Such an attack is known as a zero-day attack, that is, one that uses previously unknown vulnerabilities in the code. This allowed CoinHive to run on every page visited through infected routers, potentially millions of websites loaded every day.
The attack began this week and is in its early stages. BleepingComputer reports that the number of affected routers exceeds 200,000. Despite the fact that a fix for this vulnerability was released by the manufacturer back in April, routers are often not updated. This means that anyone with a MikroTik router is strongly advised to update it immediately.
Analysts fear this could become a global epidemic. SpiderLabs researcher Simon Kenin wrote in his report: “This is a very serious attack. There are hundreds of thousands of these devices around the world, used by Internet service providers and various organizations and businesses, with each device serving tens, if not hundreds of users every day.”
Scripted crypto attacks such as CoinHive are becoming very popular. Fraudsters now prefer stealth mining over ransomware because this way they can continue to mine secretly for a longer period of time and can earn more money than through ransomware.
So check whether you have a MikroTik router, and if you do, contact the manufacturer to get an official update.
According to thenextweb.com
