MikroTik Routers Compromised with Crypto Mining Malware Coinhive

cageymaru

cageymaru

Fully [H]
Joined
Apr 10, 2003
Messages
21,633
A known vulnerability in MikroTik routers that was patched within a day of being discovered has been used by hackers to force whole networks of computers to mine cryptocurrency. The exploit causes the router to inject Coinhive's Javascript into every web page that the router visits causing all networked PCs to mine Monero for the attacker. The exploit started in Brazil and has spread globally. You can track the infection with Bad Packets Report on Twitter. As of now over 209,000 devices are infected.

Of course the cure to all of this madness is to simply keep your router's firmware and software up to date. Instructions on how to patch RouterOS on your MikroTik router and the latest version of WinBox can be found here.

It's a good reminder for users and IT managers who are still running vulnerable MikroTik routers in their environment to patch their devices as soon as possible. A single patch, which is available since April is "enough to stop this exploitation in its tracks."
 
D

Deleted member 93354

Guest
Wow that's surprising. Mikrotik makes some of the most powerful routers based on open source. Every pro net website I go to says they are near the top in terms of speed, security and features.


It's awesome they got a fix out in a day however. I have never seen any vendor respond that fast. (Even Cisco)
 
B

BSmith

[H]ard|Gawd
Joined
Nov 9, 2017
Messages
1,323
For smaller clients I have been using MicroTik for years. They do turn things quickly when an error is found.

I check their site every month for updates and the reason for those updates. I have no qualms about continuing to use or recommending them.
 
P

PantherBlitz

Limp Gawd
Joined
Apr 14, 2011
Messages
421
Good for them. I'm at Verizon's mercy as far as router patches go. I'm sure their response to something like this would be to sell me a different router.
 
Wolf_Tech

Wolf_Tech

Limp Gawd
Joined
Sep 19, 2010
Messages
231
Lol saw one of these in a business the other day replace with microtik from a cisco managed router. The cisco was working fine but there tech guy sold them this microtik for 700.00 cost on amazon was 49 bucks. I really love how other tech pray on stupid people and rip them off.
 
D

Dead Parrot

2[H]4U
Joined
Mar 4, 2013
Messages
2,831
Found this chasing info on the actual WinBox bug:

Mitigation Techniques
  • Update your RouterOS to the last version or Bugfix version
  • Do not use Winbox and disable it :| it's nothing just a GUI for NooBs ..
  • you may use some Filter Rules (ACL) to deny anonymous accesses to the Router

If folks have left their routers open to anonymous access, not the router company's fault.
 
Zarathustra[H]

Zarathustra[H]

Extremely [H]
Joined
Oct 29, 2000
Messages
36,092
It still amazes me how few people actually keep their shit up to date. And when it comes to MikroTik, these are more likely than not enterprise users. They really should know better.
 
Zarathustra[H]

Zarathustra[H]

Extremely [H]
Joined
Oct 29, 2000
Messages
36,092
Dead Parrot said:
Found this chasing info on the actual WinBox bug:

Mitigation Techniques
  • Update your RouterOS to the last version or Bugfix version
  • Do not use Winbox and disable it :| it's nothing just a GUI for NooBs ..
  • you may use some Filter Rules (ACL) to deny anonymous accesses to the Router

If folks have left their routers open to anonymous access, not the router company's fault.
Click to expand...

True,

But I would argue that as a risk mitigation, no router should ship from the factory with default settings allowing anonymous access...
 
B

BSmith

[H]ard|Gawd
Joined
Nov 9, 2017
Messages
1,323
Unfortunately, there are a lot of people using MicroTik and have no idea how to properly configure them. Properly configured, they are as good, if not better, than any other router in that class.
 
D

Deleted member 93354

Guest
Zarathustra[H] said:
True,

But I would argue that as a risk mitigation, no router should ship from the factory with default settings allowing anonymous access...
Click to expand...

Most reputable companies dont. I know my netgear doesn't. Linksys (Belkin) does this also. That is why there is a password sticker pasted on the bottom and different from every router shipped.
 
S

Spidey329

[H]F Junkie
Joined
Dec 15, 2003
Messages
8,683
PantherBlitz said:
Good for them. I'm at Verizon's mercy as far as router patches go. I'm sure their response to something like this would be to sell me a different router.
Click to expand...

Guaranteed with anything Verizon. My Dad has Verizon Wireless and couldn't get any cell coverage at his house - their engineers analyzed it and found he was perfectly in a deadzone between towers. So they told him he'd need a cell-to-IP device (Network Extender). Kicker? $300, he has to provide the internet (and the liability), and you can't block users from connecting. So you're essentially paying to extend Verizon's network for them and they instruct you to put it into a window. Not because it needs a cell tower, but because they want you to maximize the coverage to other people.

They're very anti-customer.
 
A

admiralperpetual

Limp Gawd
Joined
May 7, 2015
Messages
416
according to TP cast my router has NEVER had a firmware upgrade.....

the bottom of my unit says its the 'canadian' version, and support says I can't use the US firmware updates.. dare I try anyway? (it's the Archer C2 AC750, is now EOL so they aren't pushing updates to speak of anyway blah)
 
cageymaru

cageymaru

Fully [H]
Joined
Apr 10, 2003
Messages
21,633
admiralperpetual said:
there's technically a version of OpenWRT for it but it doesn't even have a GUI :S boo-urns
Click to expand...
Can't be that hard to setup though. I'd make a thread about it in the appropriate forum here and ask for someone to walk you through a setup. I'm sure someone will oblige you. ;)
 
You must log in or register to reply here.
Top