The first hint of the attacks came from a researcher who goes by the nickname MalwareHunterBR, who tweeted that the miner had started to spread at an alarming rate. In addition, news has broken that the first stages of the attack compromised about 70 thousand routers alone.
What is Behind Coinhive’s Infection Success
It is believed that the hacker may have used one of the exploits for MikroTik devices to perform a zero-day type of attack through one device and then drop a copy of the Coinhive library on the device. This library is also in all of the pages which are displayed by the router, making all of the devices connected to it vulnerable.
Furthermore, since the zero-day has been exploited using only one Coinhive key for all of the injections performed by Coinhive over the past week, it is believed that only one attacker is behind the attack.
The injection has worked with tremendous success because of how the attack is carried out and because the infection process has succeeded in obtaining control of incoming and outgoing traffic.
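For defenders, the two observations above (the library appearing in every page served through the router, and a single key across all injections) translate into a simple traffic check. The following is an added example, not code from the original article or from the researchers: it scans captured HTTP response bodies for the Coinhive loader and groups the site keys it finds. The sample pages, hostnames and the key `CONSTRUCTEDKEY0001` are constructed, and the "same key on unrelated hosts" rule is an assumed heuristic.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Loader tag for the Coinhive library, and the constructors that carry the site key.
LIB_RE = re.compile(r"<script[^>]+src=[\"'][^\"']*coinhive(?:\.min)?\.js", re.I)
KEY_RE = re.compile(r"CoinHive\.(?:Anonymous|User|Token)\(\s*[\"']([A-Za-z0-9]{8,64})[\"']")

def scan_body(body):
    """Return (library_loaded, site_keys) for one HTTP response body."""
    return bool(LIB_RE.search(body)), KEY_RE.findall(body)

def summarize(responses):
    """responses: (url, body) pairs captured from clients behind one router."""
    keys, hosts, total = Counter(), set(), 0
    for url, body in responses:
        total += 1
        loaded, found = scan_body(body)
        if loaded or found:
            hosts.add(urlsplit(url).hostname or url)
            keys.update(found)
    return {
        "total": total,
        "injected_hosts": sorted(hosts),
        "keys": dict(keys),
        # Heuristic (assumption): one key on pages from unrelated hosts
        # points at in-path injection by the router, not at one bad website.
        "router_injection_suspected": len(hosts) >= 2 and len(keys) == 1,
    }

# Constructed sample data: two unrelated sites carrying the same injected
# snippet, and one clean page.
INJECT = ('<script src="https://coinhive.com/lib/coinhive.min.js"></script>'
          '<script>new CoinHive.Anonymous("CONSTRUCTEDKEY0001").start();</script>')
SAMPLES = [
    ("http://news.example/", "<html><head>" + INJECT + "</head><body>a</body></html>"),
    ("http://shop.example/cart", "<html>" + INJECT + "<body>b</body></html>"),
    ("http://wiki.example/", "<html><body>no miner here</body></html>"),
]

if __name__ == "__main__":
    print(summarize(SAMPLES))
```
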
The Attack Is Now Spread on A Global Scale and Will Likely Continue Increasing
Since the miner virus has been used to gain control of an insane amount of traffic in a short timeframe, a lot of users and ISPs are likely to fight back, and this is the main reason why researchers believe that the hacker behind this version of the Coinhive miner knows that.
According to Trustwave researchers, ISPs and users who are currently using MikroTik routers should be on alert, as the threat has now been detected in other countries as well. With this much traffic being hijacked directly from the routers instead of end devices, it is definitely a good idea to take measures, as this issue affects hundreds of users on a daily basis.
The CoinHive Miner Focused on Monero