CoinHive Attack on MikroTik routers
According to Shodan report, there are about 100000 MikroTik routers infected by
Top-5 countries by the number of infected hosts on 2018 Aug 20 are:
Brazil - 87935
India – 3505
Indonesia - 1028
Republic of Moldova - 995
Russian Federation - 951
In Ukraine, there are 172 infected hosts by this moment.
A zero-day vulnerability has been detected in MikroTik routers firmware. Please read our recommendations for the vulnerability elimination:
1. Update the firmware to versions v6.42.1 or v6.43rc4.
2. Change the settings of Winbox. Default port 8291 replace by custom and limit access to this port in "Available From" field by putting IP address or the range of IP addresses that have access to this port.
3. Change the passwords of all administrators on the MikroTik routers.
We recommend following our instructions for all routers with MikroTik firmware.