The cryptojacking malware was first discovered in August. According to a Trustwave report, the malware attacked the MikroTik routers after their systems became vulnerable earlier this year in April. Initially, hackers had penetrated 175,000 routers and then expanded to Eastern Europe, where they attacked 25,000 more routers. The hackers were using Coinhive and 15 other malware to mine XMR.
Since it was discovered, Twitter user VriesHd and researchers from Bad Packets have been following the cryptojacking malware. In September, they reported the number of affected MikroTik routers have risen to 280,000. In his recent tweet, VriesHd explains that the numbers have doubled since the initial attacks.
Just three different ways to abuse vulnerable Mikrotik routers to try to mine cryptocurrencies. Total combined 415 thousand results. Many more ways active. pic.twitter.com/u01HEr2UQy
— Kira 2.0 (@VriesHd) December 2, 2018
According to VriesHd, the number is derived from checking three possible ways hackers could be abusing MikroTik, although the number could be higher since the data reflects IP addresses known to have been infected with cryptojacking scripts. He noted that it would not surprise him if the actual number totals to somewhere around 350,000 to 400,000.
To protect themselves from the malware, Bad Packets Report security expert Troy MUrsch advises MikroTik router users to download the latest firmware version available for their device. This will prevent the malware from using their routers to mine cryptocurrencies.
Cryptojacking cases continue to rise with figures increasing by 500% this year. According to reports, Brazil is the leading country affected by the malicious malware. Research shows that Coinhive has hit the country over 81,000 times in October. India ranks second with 29,000 discovered incidents followed by Indonesia, which has more than 23,000 cryptojacking cases.