Attacker Installs Crypto Mining Malware on Over 170,000 Devices

Coinhive was installed on more than 170,000 devices in Brazil last month.

Aug 9, 2018 at 5:00 p.m. UTC
Updated Aug 18, 2021 at 9:36 p.m. UTC

More than 170,000 devices in Brazil were targeted in a cryptojacking attack last month.

According to a blog post published by security firm Trustwave, a wide-scale cyberattack was launched on MikroTik routers. The effort led to the installation of the Coinhive mining software in a "mass" infection of more than 17,000 devices.

Trustwave security researcher Simon Kenin wrote that all of the devices used "the same sitekey," indicating that one entity reaped the mined tokens from all of the devices.

He wrote:

"This attack may currently be prevalent in Brazil, but during the final stages of writing this blog, I also noticed other geo-locations being affected as well, so I believe this attack is intended to be on a global scale."

According to a previous post by Trustwave, also co-authored by Kenin, Coinhive gained traction in 2017 as a service that claimed to provide monetizing solutions for websites without using any advertisements. Instead, site owners were to embed JavaScript code that would take hold of the central processing unit (CPU) power of site visitors to mine the cryptocurrency monero.

However, mining reportedly ended up costing site visitors up to 99 percent of their CPU processing power, leading to further issues for consumers as their devices generated more heat and used up large amounts of electricity.

Trustwave has since released a detection tool to block the mining malware. As Kenin explains in his most recent post, readers should heed his "warning call" and patch any MikroTik devices "as soon as possible"; he emphasizes that the severity of the attacks could reach "hundreds of thousands" of consumers around the globe.

Kenin also reports that illicit cryptocurrency mining operations such as these are "a trend we've been seeing a lot of over the last three years, as attackers shift from ransomware into the world of miners."

Such sentiments are being echoed by other cybersecurity firms such as Skybox Security, which reported in its 2018 mid-year update that, among cybercriminals, crypto mining now accounted for 32 percent of all cyberattacks, with ransomware making up 8 percent.
