Monero is in the spotlight again in relation to a cryptojacking scheme discovered in Brazil, BleepingComputer reports.
Simon Kenin of Trustwave, an American cybersecurity company, noticed the Coinhive crypto-mining software appearing unusually often on Mikrotik routers in the South American country.
Coinhive is a popular piece of software designed to mine Monero legally, but it has frequently been repurposed by hackers for so-called crypto-jacking. Crypto-jacking is when hackers surreptitiously install mining software on users' machines without their knowledge and route the mined cryptocurrency to their own wallets.
Latvian computer manufacturer Mikrotik has reportedly sold as many as 70,000 routers in Brazil, all of which are potentially susceptible to the crypto-jacking malware.
Twitter user MalwarehunterBR first spotted the attacks earlier this week before they grew so large that Trustwave got involved. In the investigation by Trustwave, Kenin found that every copy of Coinhive was sending the mined Monero to the same wallet, meaning one hacker or hacker group is profiting from the entire scam.
He discovered an online message posted in Portuguese by Reddit user u/SilkR0ad on the r/InternetBrasil subreddit that describes exactly how the Coinhive mining software affects an infected machine.
In the message, the user notes:
“I changed DNS, disconnected the router and connected directly to the modem, but it did not work.”
The malware takes advantage of a vulnerability in Mikrotik routers that allows unauthenticated remote access. Mikrotik has reportedly released a patch for routers that have reported the problem, but thousands more are still infected.
Usually, hackers distribute the software through malicious links on websites, but Kenin points out that by using the infrastructure that directly supports internet connections, this malware spreads far more widely and much more quickly.
“Each device serves at least tens if not hundreds of users daily,” he said.
China and parts of Southeast Asia have been heavily affected by crypto-jacking in the past few months. Recently, Japan cracked down heavily on crypto-jacking activities, arresting 16 people in June this year.