They revealed that routers by Mikrotik, a Latvian manufacturer of network equipment, were compromised by at least 16 different types of malware including Coinhive, a cryptojacking software mining privacy-oriented cryptocurrency Monero (XMR).
By September the estimated number of compromised routers surpassed 280,000, according to Bad Packets. In the recent tweet VriesHd explains that he has only checked three possible ways to abuse MikroTik, although there may be several more. VriesHd’s review, which is only based on preliminary projections, shows 415,000 routers affected.
As VriesHd told tech news outlet The Next Web, the attackers have recently switched from Coinhive to other mining software, such as Omine and CoinImp. He also noted that the exact number might be slightly off, as the data only reflects IP addresses infected. However, he believes the number is still high. “It wouldn’t surprise me if the actual number [...] would be somewhere around 350,000 to 400,000,” VriesHd said.
As Cointelegraph previously reported, Brazil is the most affected by cryptojacking. According to research by Iran’s cybersecurity authority, Brazil was hit over 81,000 times by Coinhive in October alone. India came in second with around 29,000 incidents, followed by Indonesia with more than 23,000. Iran itself experienced around 11,000.
According to a Bloomberg report, the total number of crypto mining malware infections increased 500 percent this year after hackers allegedly stolen a code targeting Microsoft Systems from the U.S. National Security Agency (NSA).
Another report by network and enterprise security company Palo Alto Networks found that around 5 percent of all Monero in circulation was mined through cryptojacking.