Postmortem of a Compromised MikroTik Router

Cryptocurrency coinminers are the new ransomware, and malicious actors have already pounced on the opportunity to make their fortune. Symantec has been tracking a large-scale coin-mining campaign which, according to Shodan, has currently infected about 157,000 MikroTik routers.

Researchers discovered this coin-mining campaign in early August 2018. The campaign was initially concentrated in Brazil; however, it soon began infecting routers around the world. I decided to take a closer look at one of these infected routers to get a better understanding of what’s going on.

Source: Symantec