Over 200,000 MikroTik Routers Jeopardized. CoinHive Cryptojacking To Blame.



More than 170,000 MikroTik devices were detected with the CoinHive site key.

The infection began with the creation of a custom error page, into which the CoinHive script was injected. This custom error page would then begin CoinHive mining. The CoinHive miner mined the cryptocurrency by means of a wireless connection with the infected router.


The attackers are said to have an astonishing knowledge of MikroTik routers. The script they used could replace the current site key with another. It could also modify some system settings, enable the proxy, fetch the custom error pages and create scheduled tasks for updating. A backdoor account named “ftu” is created as well.
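The changes listed above can be checked for on a router. The following is an added example, not code from the article or from MikroTik: it parses RouterOS export-style text and reports an enabled web proxy, any scheduled tasks, and an account named "ftu", and checks an error page for a CoinHive reference. The sample export, the sample error page, the function names and the assumption that user accounts appear in the exported text are all constructed for illustration.

```python
import re
import shlex

# Constructed sample in RouterOS export style (not captured from a real device).
SAMPLE_EXPORT = r'''/ip proxy
set enabled=yes port=8080
/system scheduler
add interval=30m name=upd on-event="/system script run \
    upd"
/user
add group=full name=admin
add group=full name=ftu
'''
# Constructed error page body; example.invalid is a placeholder host.
SAMPLE_ERROR_PAGE = '<html><script src="https://example.invalid/CoinHive.js"></script></html>'


def parse_export(text):
    """Return [(section, command, {key: value})] from export-style text."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join lines continued with a trailing backslash
    section, items = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and export comments
        if line.startswith("/"):
            section = line  # menu path such as "/ip proxy"
            continue
        tokens = shlex.split(line)  # keeps quoted values in one token
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        items.append((section, tokens[0], props))
    return items


def audit(export_text, error_page_html=""):
    """List the indicators named in the article that are present in the input."""
    findings = []
    for section, cmd, props in parse_export(export_text):
        if section == "/ip proxy" and cmd == "set" and props.get("enabled") == "yes":
            findings.append("web proxy enabled")
        elif section == "/system scheduler" and cmd == "add":
            # The article gives no task names, so every task is listed for review.
            findings.append("scheduled task: " + props.get("name", "?"))
        elif section == "/user" and cmd == "add" and props.get("name") == "ftu":
            findings.append("backdoor account: ftu")
    if "coinhive" in error_page_html.lower():
        findings.append("error page references CoinHive")
    return findings
```

A scheduled task or an enabled proxy can be legitimate on its own, so each finding is a prompt for review rather than proof of compromise.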


This isn’t the first time MikroTik routers have been targeted. Whether it will be the last is a question only time will answer.
