CoinHive Attack on MikroTik routers

According to a Shodan report, about 100000 MikroTik routers are infected by Coinhive.

Top-5 countries by the number of infected hosts on 2018 Aug 20 are:

Brazil - 87935

India - 3505

Indonesia - 1028

Republic of Moldova - 995

Russian Federation - 951

In Ukraine, there are 172 infected hosts at this moment.

A zero-day vulnerability has been detected in the firmware of MikroTik routers. Please follow our recommendations to eliminate the vulnerability:

1. Update the firmware to version v6.42.1 or v6.43rc4.

2. Change the Winbox settings. Replace the default port 8291 with a custom one and limit access to this port in the "Available From" field by entering the IP address or the range of IP addresses that are allowed to access it.


3. Change the passwords of all administrators on the MikroTik routers.

We recommend following our instructions for all routers with MikroTik firmware.
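
One way to check recommendations 1 and 2 across many routers, as an added example that is not part of the original advisory: the Python below audits the text produced by the RouterOS `/export` command. The function names and the sample exports are constructed for illustration, and only the two releases named above are treated as fixed.

```python
import re

FIXED_STABLE = (6, 42, 1)  # v6.42.1, from the advisory
FIXED_RC = (6, 43, 4)      # v6.43rc4, from the advisory

def is_patched(version):
    """True if a RouterOS version string is at or past a fixed release."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+)|rc(\d+))?", version)
    if not m:
        raise ValueError("unrecognised RouterOS version: " + version)
    major, minor = int(m.group(1)), int(m.group(2))
    if m.group(4) is not None:
        # Assumption: release candidates before 6.43rc4 count as unpatched.
        return (major, minor, int(m.group(4))) >= FIXED_RC
    return (major, minor, int(m.group(3) or 0)) >= FIXED_STABLE

def audit_export(text):
    """Return findings for one router's /export text (empty list = OK)."""
    findings = []
    m = re.search(r"by RouterOS (\S+)", text)
    if not m:
        findings.append("firmware version not found in export header")
    elif not is_patched(m.group(1)):
        findings.append("firmware %s predates v6.42.1 / v6.43rc4" % m.group(1))
    # /export omits defaults: no "set winbox" line means port 8291, unrestricted.
    winbox, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line
        elif section == "/ip service" and line.startswith("set winbox "):
            winbox = dict(kv.split("=", 1) for kv in line.split()[2:] if "=" in kv)
    if winbox.get("disabled") == "yes":
        return findings
    if winbox.get("port", "8291") == "8291":
        findings.append("Winbox listens on default port 8291")
    if not winbox.get("address", "").strip('"'):
        findings.append("Winbox 'Available From' is not restricted")
    return findings

# Constructed sample exports (not taken from real devices).
WEAK = """# aug/20/2018 10:00:00 by RouterOS 6.41.3
/ip service
set telnet disabled=yes
"""
HARDENED = """# aug/20/2018 10:05:00 by RouterOS 6.42.1
/ip service
set winbox address=192.0.2.0/28 port=18291
"""
```

Calling `audit_export(WEAK)` reports all three problems even though the export contains no Winbox line at all, because RouterOS leaves default settings out of the export.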