Security vulnerabilities have caused damage to secretly digging passwords through over 200,000 routers. According to security company Trustwave, a hack has been made for the security vulnerability of the MikroTik router, and the victim PC has been exploited for exploiting passwords.
This hacking technique exploits the vulnerability of a micro-chip router, puts code on a PC connected to the network, and uses a new password-scrambling service, Coinhive, to unlock the cipher Monello. Thrust wave research has revealed that more than 170,000 micro-routers have been hacked and most of the damage is occurring in Brazil.
Hackers are remotely ciphering money by hiding coin hive codes on a website, YouTube ads, other software, or by running code when a web page is opened or when a browser error page is displayed.
Other investigations have shown that a similar procedure could be done in Moldova through a microticket router. More than 25,000 people were killed in Moldova.
The vulnerability of the microchip router that caused the hack was fixed in April with a firmware update. However, unlike products such as PCs and smart phones, there are still not many users to update routers, so they are still exploiting vulnerabilities. Although it has been found in Brazil and Moldova, it is pointed out that there is a possibility that damage will be increased in the future given that microtic routers are used all over the world.
As interest in cryptography increases, so too is the damage caused by hacking. In the case of the coin hive used in hacking, the password shortening occasionally occurred while exploiting the URL shortening function. Of course, it is a way to intercept profits by letting the visitors of the website know the mining.
Coin Hive provides a URL shortening feature that, according to reports from early July, exploits the URL shortening feature and guides visitors to other sites for mining. For Coin Hive’s shortened URL feature, click on the shortened URL and make a profit by earning a certain amount of time while the page is loaded. However, this is where I put the child frame tag on the irrelevant page HTML source and moved it to their site and made the mining. The i-frame tag itself is just 1 x 1 pixel, so it’s hard to find it in the usual way.
After all, if you open the page through this process, it will increase the CPU power to 100% during standby time until the desired page appears. The wait time can be freely changed by changing the hash value in the coin hive setting, which is usually 1024, but some have set a whopping 3,712,000 hashes.
In addition, there is a method of retrieving the same page again when the page reaches the preset hash value and re-mining it. For users who are not aware of this structure, you might think why the page will be reloaded, but CPU power has been abnormally increased even in this situation. According to Coin Hive, it is also possible to install browser extensions such as MinerBlock or No Coin to prevent CPU power free riding.
The problem of cryptographic mining exploiting coin hives is sneaking. In December of last year, there was a secret mining through WiBi service in Starbucks store in Buenos Aires, Argentina. Starbucks immediately contacted ISPs to take action, but in the case of customers wishing to enjoy a cup of coffee, it seemed like an unreasonable source of revenue.
In addition to the damage caused by exploiting Coin Hive, malware called Satori Coin Robber emerged earlier this year. This malware was a malicious code that infected a cryptographer to steal the address of a mining software wallet and steal revenue.
Satoshi Coin Rover is derived from malicious code that exploits object Internet devices and takes profits from cryptographic mining profits. The malware infects PCs using Claymore Mining, a cryptography mining software. The damage is mainly confirmed in Windows system. When infected with Claymore Mining in PC, the password wallet address such as etherium address in PC gets into the hacker’s hand. Satoshi Coin Rover confirms whether the money is mined, updates the file, changes the wallet address to a new one, and reboots.
The exploitation of cryptographic money and the number of devices connected to the network such as the Internet of things are continuously increasing. Considering the point of security vulnerability, it is likely that this exploitation case will continue to occur in the future.