Banbreach, a company that provides Internet security services, found that the number of routers in India infected with covert mining programs doubled last month, reaching almost 30 thousand.
A large-scale cyber attack on MikroTik routers was discovered in early August. Using a vulnerability, the attackers introduced the malicious Coinhive script into the routers to mine Monero (XMR). The hackers' activity was initially recorded in Brazil, where 170 thousand devices were attacked; it was later reported that they had been able to infect more than 200 thousand MikroTik routers around the world.
Banbreach's search engines discover all network devices with public IP addresses. Because routers fall into this category, the company can track the Internet traffic passing through the device.
For the study, Banbreach divided the regions of India into three groups by population density. It turned out that 45% of the infected routers are in the least populated areas.
In the three largest cities with the highest number of infected MikroTik routers (New Delhi, Mumbai and Thana), growth for the month was 500%, Banbreach said.
Coinhive is not by definition malicious software; the script is simply designed for mining XMR. For example, it was used by the Australian division of the United Nations Children's Fund (UNICEF Australia) to collect donations through a special website. However, Coinhive has become one of the favorite tools of cryptojackers, who steal the computing power of infected computers. Monero developers have already announced the establishment of a working group aimed at combating hidden mining and malware, the Malware Response Workgroup.
Recall that cybersecurity experts recently discovered hundreds of websites in India infected with a hidden script for mining Monero, and among them were even government portals. According to McAfee Labs, cryptojacking malware grew by 86% in the second quarter of 2018.