{"id":270813,"date":"2018-08-04T07:09:00","date_gmt":"2018-08-04T05:09:00","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=270813"},"modified":"2018-08-04T07:10:34","modified_gmt":"2018-08-04T05:10:34","slug":"hackers-use-router-security-bug-for-cryptojacking","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/270813-hackers-use-router-security-bug-for-cryptojacking.html","title":{"rendered":"Hackers use router security bug for cryptojacking"},"content":{"rendered":"<p>Trustwave security researchers have\u00a0<strong><a href=\"https:\/\/www.trustwave.com\/Resources\/SpiderLabs-Blog\/Mass-MikroTik-Router-Infection-\u2013-First-we-cryptojack-Brazil,-then-we-take-the-World-\/\" target=\"_blank\" rel=\"noopener\">discovered<\/a><\/strong> a cryptojacking attack affecting MikroTik routers, <strong><a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/08\/03\/routers-turned-into-zombie-cryptojackers-is-yours-one-of-them\/\" target=\"_blank\" rel=\"noopener\">Sophos reported<\/a><\/strong>.<\/p>\n<p>The attack relies on a vulnerability which MikroTik disclosed and patched in April 2018, which it said &#8220;allowed a special tool to connect to the [administration] port, and request the system user database file&#8221;.<\/p>\n<p>This user database file contains usernames and passwords in plaintext.<\/p>\n<p>In this case, the attackers used the credentials to get into the router and replace the error.html file, which is transmitted when the MikroTik&#8217;s built-in web proxy is enabled and there is an HTTP error of some kind.<\/p>\n<p>The error.html file the attackers loaded into routers included a CoinHive cryptocurrency mining script. If you are on a network powered by a hacked MikroTik router and you experience a web browsing error, you will end up mining cryptocurrency.<\/p>\n<p>Sophos said the attack is only effective when browsing HTTP sites, as the MikroTik proxy doesn&#8217;t support HTTPS.<\/p>\n<h3 class=\"my-4\">Now read:\u00a0<a href=\"https:\/\/mybroadband.co.za\/news\/cryptocurrency\/270197-steam-game-accused-of-mining-cryptocurrency.html\">Steam game accused of mining cryptocurrency<\/a><\/h3>\n","protected":false},"excerpt":{"rendered":"<p>Trustwave researchers discovered a cryptojacking attack affecting MikroTik routers.<\/p>\n","protected":false},"author":23,"featured_media":243124,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[46487,48058,52893],"class_list":["post-270813","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-coinhive","tag-cryptojacking","tag-mikrotik"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/270813"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/23"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=270813"}],"version-history":[{"count":2,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/270813\/revisions"}],"predecessor-version":[{"id":270821,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/270813\/revisions\/270821"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/243124"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=270813"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=270813"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=270813"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}