[cmNOG] [ATTACK] Massive Coinhive Cryptojacking Campaign Infects 170,000 MikroTik Routers

Sylvain BAYA abscoco at gmail.com
Thu Aug 2 15:45:31 UTC 2018


[French version below]

Hi cmNOGers,
...are you a Mikrotik user?
Please read below.
Regards,

[fr]
Dear cmNOGer,
...Mikrotik user?
Please read below.

Regards,
[/fr]

- --sb.
__
http://www.chretiennement.org


On Thu, Aug 2, 2018 at 1:04 PM, Brenna Thomas <brenna at cymru.com> wrote:

    Title: Massive Coinhive Cryptojacking Campaign Infects 170,000 MikroTik
    Routers
    Source: Catalin Cimpanu, Bleeping Computer
    Date Published: August 2, 2018
    Excerpt:

    "According to Kenin, the attacker used one of those PoCs to alter
    traffic passing through the MikroTik router and inject a copy of the
    Coinhive library inside all the pages served through the router.

    We know it's only one threat actor exploiting this flaw because the
    attacker used only one Coinhive key for all the Coinhive injections he
    performed during the past week.

    Furthermore, Kenin says that he also identified some cases where
    non-MikroTik users were also impacted. He says this was happening
    because some Brazilian ISPs were using MikroTik routers for their main
    network, and hence the attacker managed to inject the malicious Coinhive
    code in a massive amount of web traffic.

    In addition, Kenin says that because of the way the attack was
    performed, the injection worked both ways, and not necessarily only for
    traffic going to the user. For example, if a website was hosted on a
    local network behind an affected MikroTik router, traffic to that
    website would also be injected with the Coinhive library."


    To read the complete article see:

    <https://www.bleepingcomputer.com/news/security/massive-coinhive-cryptojacking-campaign-infects-170-000-mikrotik-routers/>

    [...]



- -- 

Regards,
Sylvain B.
__
Website : https://www.cmnog.cm
Wiki : https://www.cmnog.cm/dokuwiki
Surveys : https://survey.cmnog.cm
Subscribe to Mailing List : https://lists.cmnog.cm/mailman/listinfo/cmnog/
Mailing List's Archives : https://lists.cmnog.cm/pipermail/cmnog/
Last Event's Feed : https://twitter.com/#cmNOGlab3
https://twitter.com/cmN0G
https://facebook.com/cmNOG
https://twitter.com/#REBOOTcmNOG
https://twitter.com/#cmNOG
https://cmnog.wordpress.com/


