This blog post was authored by Jérôme Segura.

MikroTik, a Latvian company that makes routers and ISP wireless systems, has been dealing with several vulnerabilities affecting its products' operating system over the past few months. Ever since a critical flaw in RouterOS was identified in late April 2018, attacks have been going on at an alarming rate, made worse when a newly-found exploitation technique for CVE-2018-14847 was identified.

The problem is that a large number of MikroTik routers remain unpatched and are prey for automated attacks, despite security fixes made available by the vendor. Criminals were quick to leverage Proof of Concept code to compromise hundreds of thousands of devices in a short time frame. Last summer, researchers at SpiderLabs discovered what was perhaps the biggest malicious Coinhive campaign via hacked MikroTik devices, which has evolved into a much wider problem now.

A security researcher spotted a new campaign attempting to further compromise vulnerable routers using a typical social engineering technique. With this latest trick, users behind compromised routers are served a fake browser update page. When they run this malicious update, it unpacks code onto their computer that scans the Internet for other vulnerable routers and tries to exploit them.

According to a search via Censys, there are about 11,000 compromised MikroTik devices hosting this fake download page.

Internet providers that operate infected MikroTik routers will serve this malicious redirect about an "old version of the browser" to their end users.

The alleged browser update is suspiciously downloaded from an FTP server.