{"id":1436,"date":"2018-12-07T13:57:34","date_gmt":"2018-12-07T13:57:34","guid":{"rendered":"https:\/\/icoholder.com\/blog\/?p=1436"},"modified":"2025-06-05T17:15:46","modified_gmt":"2025-06-05T17:15:46","slug":"routers-infected-with-malware-threaten-cryptocurrency-mining","status":"publish","type":"post","link":"https:\/\/icoholder.com\/blog\/routers-infected-with-malware-threaten-cryptocurrency-mining\/","title":{"rendered":"415,000 Routers Infected with Malware to Mine Cryptocurrency Secretly"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_75 counter-hierarchy ez-toc-counter ez-toc-light-blue ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/icoholder.com\/blog\/routers-infected-with-malware-threaten-cryptocurrency-mining\/#MikroTik_Routers_Are_the_Primary_Target\" >MikroTik Routers Are the Primary Target<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/icoholder.com\/blog\/routers-infected-with-malware-threaten-cryptocurrency-mining\/#Global_Spread_of_the_Infection\" >Global Spread of the Infection<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/icoholder.com\/blog\/routers-infected-with-malware-threaten-cryptocurrency-mining\/#Expert_Estimates_and_Shift_in_Malware_Preferences\" >Expert Estimates and Shift in Malware Preferences<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/icoholder.com\/blog\/routers-infected-with-malware-threaten-cryptocurrency-mining\/#How_to_Curtail_the_Attacks\" >How to Curtail the Attacks<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/icoholder.com\/blog\/routers-infected-with-malware-threaten-cryptocurrency-mining\/#Summary\" >Summary<\/a><\/li><\/ul><\/nav><\/div>\n<p data-pm-slice=\"1 1 []\">Crypto-jackers are not resting and keep devising new schemes to mine virtual assets fraudulently. The latest involves routers infected with malware. Researchers found that over 415,000 routers worldwide are infected. This malware steals computing power to secretly mine cryptocurrency.<\/p>\n<h3 data-start=\"520\" data-end=\"563\"><span class=\"ez-toc-section\" id=\"MikroTik_Routers_Are_the_Primary_Target\"><\/span>MikroTik Routers Are the Primary Target<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p data-pm-slice=\"1 1 []\">The hijack, still ongoing, mainly targets MikroTik routers. This is not the first time hackers have gone after MikroTik. In August, over 200,000 devices were found infected. Since then, attacks have more than doubled.<\/p>\n<h3 data-start=\"978\" data-end=\"1012\"><span class=\"ez-toc-section\" id=\"Global_Spread_of_the_Infection\"><\/span>Global Spread of the Infection<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p data-pm-slice=\"1 1 []\">Although Brazil has the majority of devices affected by this new attack, many infected devices are scattered worldwide.<\/p>\n<p>It is important to note that the data only shows IP addresses already infected with malware. So, the exact number of affected routers may be slightly inaccurate. However, this does not change the fact that the total number of compromised devices is very high.<\/p>\n<h3 data-start=\"1499\" data-end=\"1552\"><span class=\"ez-toc-section\" id=\"Expert_Estimates_and_Shift_in_Malware_Preferences\"><\/span>Expert Estimates and Shift in Malware Preferences<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p data-start=\"1554\" data-end=\"1717\">According to security researcher VriesHD, \u201cIt wouldn&#8217;t surprise me if the actual number of infected routers in total would be somewhere around 350,000 to 400,000.\u201d<\/p>\n<p data-start=\"1719\" data-end=\"1921\">Before the barrage of attacks started on MikroTik routers, the preferred brand was <a href=\"https:\/\/icoholder.com\/blog\/blockdag-reshapes-crypto-landscape-with-30m-success\/\">CoinHive<\/a>, a mining software used by Monero. This indicates that attackers have shifted their focus to another software.<\/p>\n<p data-start=\"1923\" data-end=\"2104\">\u201cCoinHive, Omine, and CoinImp are the biggest services used. It used to be like 80-90 percent CoinHive, but a big actor has shifted to using Omine in recent months,\u201d VriesHD stated.<\/p>\n<h3 data-start=\"2111\" data-end=\"2141\"><span class=\"ez-toc-section\" id=\"How_to_Curtail_the_Attacks\"><\/span>How to Curtail the Attacks<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p data-pm-slice=\"1 1 []\">Not all hope is lost for victims of these attacks. They can still take steps to protect themselves and reduce damage. Troy Mursch, a security expert from Bad Packets Report, urges owners of affected routers to \u201cimmediately download the latest firmware version available for their device.\u201d<\/p>\n<p>VriesHD added that internet service providers (ISPs) can help stop the infection\u2019s spread by \u201cforcing over-the-air updates to the routers.\u201d<\/p>\n<h3 data-start=\"2605\" data-end=\"2616\"><span class=\"ez-toc-section\" id=\"Summary\"><\/span>Summary<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p data-start=\"2618\" data-end=\"2883\">Researchers have discovered that more than 415,000 routers around the world have been infected with malware designed to illegally take computing power and mine cryptocurrency secretly. MikroTik routers have been the hardest hit in this new string of crypto-jacking.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Crypto-jackers are not resting and keep devising new schemes to mine virtual assets fraudulently. The latest involves routers infected with malware. Researchers found that over &hellip; <\/p>\n","protected":false},"author":12,"featured_media":8402,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23],"tags":[],"class_list":["post-1436","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Routers Infected With Malware Threaten Cryptocurrency Mining<\/title>\n<meta name=\"description\" content=\"Routers infected with malware are secretly hijacking computing power to mine cryptocurrency worldwide - IcoHolder.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/icoholder.com\/blog\/routers-infected-with-malware-threaten-cryptocurrency-mining\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Routers Infected With Malware Threaten Cryptocurrency Mining\" \/>\n<meta property=\"og:description\" content=\"Routers infected with malware are secretly hijacking computing power to mine cryptocurrency worldwide - IcoHolder.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/icoholder.com\/blog\/routers-infected-with-malware-threaten-cryptocurrency-mining\/\" \/>\n<meta property=\"og:site_name\" content=\"ICOholder Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/icoholdercom\/\" \/>\n<meta property=\"article:published_time\" content=\"2018-12-07T13:57:34+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-05T17:15:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/icoholder.com\/blog\/wp-content\/uploads\/2024\/10\/wordpress-seo-guide.jpg.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"800\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Mark James\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@icoholder\" \/>\n<meta name=\"twitter:site\" content=\"@icoholder\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mark James\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Routers Infected With Malware Threaten Cryptocurrency Mining","description":"Routers infected with malware are secretly hijacking computing power to mine cryptocurrency worldwide - IcoHolder.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/icoholder.com\/blog\/routers-infected-with-malware-threaten-cryptocurrency-mining\/","og_locale":"en_US","og_type":"article","og_title":"Routers Infected With Malware Threaten Cryptocurrency Mining","og_description":"Routers infected with malware are secretly hijacking computing power to mine cryptocurrency worldwide - IcoHolder.","og_url":"https:\/\/icoholder.com\/blog\/routers-infected-with-malware-threaten-cryptocurrency-mining\/","og_site_name":"ICOholder Blog","article_publisher":"https:\/\/www.facebook.com\/icoholdercom\/","article_published_time":"2018-12-07T13:57:34+00:00","article_modified_time":"2025-06-05T17:15:46+00:00","og_image":[{"width":1600,"height":800,"url":"https:\/\/icoholder.com\/blog\/wp-content\/uploads\/2024\/10\/wordpress-seo-guide.jpg.png","type":"image\/png"}],"author":"Mark James","twitter_card":"summary_large_image","twitter_creator":"@icoholder","twitter_site":"@icoholder","twitter_misc":{"Written by":"Mark James","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/icoholder.com\/blog\/routers-infected-with-malware-threaten-cryptocurrency-mining\/#article","isPartOf":{"@id":"https:\/\/icoholder.com\/blog\/routers-infected-with-malware-threaten-cryptocurrency-mining\/"},"author":{"name":"Mark James","@id":"https:\/\/icoholder.com\/blog\/#\/schema\/person\/4fdad7bef7e012df3b8a9be6f7fed6e3"},"headline":"415,000 Routers Infected with Malware to Mine Cryptocurrency Secretly","datePublished":"2018-12-07T13:57:34+00:00","dateModified":"2025-06-05T17:15:46+00:00","mainEntityOfPage":{"@id":"https:\/\/icoholder.com\/blog\/routers-infected-with-malware-threaten-cryptocurrency-mining\/"},"wordCount":356,"commentCount":0,"publisher":{"@id":"https:\/\/icoholder.com\/blog\/#organization"},"image":{"@id":"https:\/\/icoholder.com\/blog\/routers-infected-with-malware-threaten-cryptocurrency-mining\/#primaryimage"},"thumbnailUrl":"https:\/\/icoholder.com\/blog\/wp-content\/uploads\/2024\/10\/wordpress-seo-guide.jpg.png","articleSection":["News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/icoholder.com\/blog\/routers-infected-with-malware-threaten-cryptocurrency-mining\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/icoholder.com\/blog\/routers-infected-with-malware-threaten-cryptocurrency-mining\/","url":"https:\/\/icoholder.com\/blog\/routers-infected-with-malware-threaten-cryptocurrency-mining\/","name":"Routers Infected With Malware Threaten Cryptocurrency Mining","isPartOf":{"@id":"https:\/\/icoholder.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/icoholder.com\/blog\/routers-infected-with-malware-threaten-cryptocurrency-mining\/#primaryimage"},"image":{"@id":"https:\/\/icoholder.com\/blog\/routers-infected-with-malware-threaten-cryptocurrency-mining\/#primaryimage"},"thumbnailUrl":"https:\/\/icoholder.com\/blog\/wp-content\/uploads\/2024\/10\/wordpress-seo-guide.jpg.png","datePublished":"2018-12-07T13:57:34+00:00","dateModified":"2025-06-05T17:15:46+00:00","description":"Routers infected with malware are secretly hijacking computing power to mine cryptocurrency worldwide - IcoHolder.","breadcrumb":{"@id":"https:\/\/icoholder.com\/blog\/routers-infected-with-malware-threaten-cryptocurrency-mining\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/icoholder.com\/blog\/routers-infected-with-malware-threaten-cryptocurrency-mining\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/icoholder.com\/blog\/routers-infected-with-malware-threaten-cryptocurrency-mining\/#primaryimage","url":"https:\/\/icoholder.com\/blog\/wp-content\/uploads\/2024\/10\/wordpress-seo-guide.jpg.png","contentUrl":"https:\/\/icoholder.com\/blog\/wp-content\/uploads\/2024\/10\/wordpress-seo-guide.jpg.png","width":1600,"height":800,"caption":"Bear market likely continues"},{"@type":"BreadcrumbList","@id":"https:\/\/icoholder.com\/blog\/routers-infected-with-malware-threaten-cryptocurrency-mining\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/icoholder.com\/blog\/"},{"@type":"ListItem","position":2,"name":"415,000 Routers Infected with Malware to Mine Cryptocurrency Secretly"}]},{"@type":"WebSite","@id":"https:\/\/icoholder.com\/blog\/#website","url":"https:\/\/icoholder.com\/blog\/","name":"ICOholder Blog","description":"Reliable Info about the Best Initial Coin Offerings","publisher":{"@id":"https:\/\/icoholder.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/icoholder.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/icoholder.com\/blog\/#organization","name":"ICOholder Blog","url":"https:\/\/icoholder.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/icoholder.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/icoholder.com\/blog\/wp-content\/uploads\/2025\/08\/ico-logo.png","contentUrl":"https:\/\/icoholder.com\/blog\/wp-content\/uploads\/2025\/08\/ico-logo.png","width":398,"height":214,"caption":"ICOholder Blog"},"image":{"@id":"https:\/\/icoholder.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/icoholdercom\/","https:\/\/x.com\/icoholder"]},{"@type":"Person","@id":"https:\/\/icoholder.com\/blog\/#\/schema\/person\/4fdad7bef7e012df3b8a9be6f7fed6e3","name":"Mark James","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/icoholder.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/edabc954b7a2164bf7c5213c9a12572db57bb3cdc9045604c9f7bbf6bc46a348?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/edabc954b7a2164bf7c5213c9a12572db57bb3cdc9045604c9f7bbf6bc46a348?s=96&d=mm&r=g","caption":"Mark James"},"url":"https:\/\/icoholder.com\/blog\/author\/mark-james\/"}]}},"_links":{"self":[{"href":"https:\/\/icoholder.com\/blog\/wp-json\/wp\/v2\/posts\/1436","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/icoholder.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/icoholder.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/icoholder.com\/blog\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/icoholder.com\/blog\/wp-json\/wp\/v2\/comments?post=1436"}],"version-history":[{"count":7,"href":"https:\/\/icoholder.com\/blog\/wp-json\/wp\/v2\/posts\/1436\/revisions"}],"predecessor-version":[{"id":13415,"href":"https:\/\/icoholder.com\/blog\/wp-json\/wp\/v2\/posts\/1436\/revisions\/13415"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/icoholder.com\/blog\/wp-json\/wp\/v2\/media\/8402"}],"wp:attachment":[{"href":"https:\/\/icoholder.com\/blog\/wp-json\/wp\/v2\/media?parent=1436"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/icoholder.com\/blog\/wp-json\/wp\/v2\/categories?post=1436"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/icoholder.com\/blog\/wp-json\/wp\/v2\/tags?post=1436"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}