Last month we reported about a widespread crypto-mining malware campaign that hijacked over 200,000 MikroTik routers using a previously disclosed vulnerability revealed in the CIA Vault 7 leaks.

Now Chinese security researchers at Qihoo 360 Netlab have discovered that out of 370,000 potentially vulnerable MikroTik routers, more than 7,500 devices have been compromised to maliciously enable a Socks4 proxy, allowing attackers to actively eavesdrop on the targeted network traffic since mid-July.

The vulnerability in question is Winbox Any Directory File Read (CVE-2018-14847) in MikroTik routers, which was found exploited by the CIA Vault 7 hacking tool called Chimay Red, along with another MikroTik Webfig remote code execution vulnerability.

Both Winbox and Webfig are RouterOS management components, with their corresponding communication ports being TCP/8291, TCP/80, and TCP/8080.

Winbox is designed for Windows users to easily configure the routers; it downloads some DLL files from the router and executes them on the system.

According to the researchers, more than 370,000 of 1.2 million MikroTik routers are still vulnerable to the CVE-2018-14847 exploit, even after the vendor has already rolled out security updates to patch the loophole.

Netlab researchers have identified malware exploiting the CVE-2018-14847 vulnerability to perform various malicious activities, including CoinHive mining code injection, silently enabling a Socks4 proxy on routers, and spying on victims.

CoinHive Mining Code Injection - After enabling the MikroTik RouterOS HTTP proxy, the attackers redirect all the HTTP proxy requests to a local HTTP 403 error page which injects a link for web mining code from Coinhive.

"By doing this, the attacker hopes to perform web mining for all the proxy traffic on the users' devices," the researchers explain.
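The two symptoms the article describes (a silently enabled Socks4 proxy, and an HTTP proxy whose 403 error page carries an injected Coinhive script) can both be checked from the defender's side. The following Python is an added example written for this page, not code from Netlab or from MikroTik: it audits a RouterOS configuration export for enabled proxy and socks services, and inspects a proxied HTTP response for a 403 page that loads a script from a coin-mining host. The export snippet and the HTTP response are constructed samples; the `/ip proxy` and `/ip socks` export sections with `enabled=yes` are the assumed RouterOS export syntax, so confirm them against a real export from your own device before relying on the parser.

```python
import re

# Constructed sample of a RouterOS "/export" listing (not from the article).
# The section names and "enabled=yes" keys are assumed RouterOS syntax.
SAMPLE_EXPORT = """\
/ip proxy
set enabled=yes port=8080 src-address=0.0.0.0
/ip socks
set enabled=yes port=4153 version=4
/ip service
set winbox port=8291
"""

# Constructed sample of what a client behind a compromised router would see:
# every proxied request answered with a 403 page carrying an injected
# Coinhive script tag, as the article describes.
SAMPLE_PROXY_RESPONSE = """\
HTTP/1.1 403 Forbidden
Content-Type: text/html

<html><head><title>Error</title>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
</head><body>Forbidden</body></html>
"""


def audit_export(export_text):
    """Walk a RouterOS export and report proxy/socks services that are
    switched on. Each finding is a short tag, e.g. 'socks-enabled-v4'."""
    findings = []
    section = None
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.startswith("/"):          # section header such as "/ip socks"
            section = line
            continue
        enabled = re.search(r"\benabled=yes\b", line) is not None
        if section == "/ip proxy" and enabled:
            findings.append("http-proxy-enabled")
        elif section == "/ip socks" and enabled:
            version = re.search(r"\bversion=(\d)", line)
            suffix = f"-v{version.group(1)}" if version else ""
            findings.append("socks-enabled" + suffix)
    return findings


def inspect_proxy_response(response_text):
    """Split a raw HTTP response into status line and body and flag a 403
    page that pulls a script from a coinhive host (the injection pattern
    from the article). Returns a dict so callers can log the details."""
    head, _, body = response_text.partition("\n\n")
    status_line = head.splitlines()[0] if head else ""
    is_403 = " 403 " in status_line
    # Hostnames of any <script src=...> whose host contains "coinhive".
    miner_hosts = re.findall(
        r'<script[^>]+src="https?://([^/"]*coinhive[^/"]*)', body, re.IGNORECASE
    )
    return {
        "status_403": is_403,
        "miner_hosts": miner_hosts,
        "suspicious": is_403 and bool(miner_hosts),
    }


if __name__ == "__main__":
    print("export findings:", audit_export(SAMPLE_EXPORT))
    print("proxy response:", inspect_proxy_response(SAMPLE_PROXY_RESPONSE))
```

On a fleet, `audit_export` is the cheaper check because it needs only the exported configuration, while `inspect_proxy_response` is what you would run on a response captured from a client behind the router when users report mining activity or unexpected 403 pages.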