HYDERABAD: A security flaw in MikroTik WiFi routers has left thousands in the subcontinent at risk of cyber attacks ranging from eavesdropping to cryptomining. India is among the 10 countries worst affected by the cryptomining campaign and Reliane Jio Infocomm has the highest number of infected routers in the country, according to a report by Avast. The anti-virus company’s research on its user base found that 11,809 routers were infected in India, putting it on the seventh position of countries with compromised routers.

At the top is Brazil with a staggering 85,230 infected routers targeted by cryptomining campaign JS:InfectedMikroTik.The campaign allows cybercriminals to exploit a vulnerability in MikroTik and inject scripts that further allow them to run softwares illegally. The software in turn can take over the computer’s resources and use them for cryptocurrency mining.

Researchers Martin Hron and David Jursa who are studying infected routers said, “When you try to reach any URL starting with http:// on an infected router, you will get HTTP error code 403 Forbidden via a custom error page which contains the above HTML code.”  However, they found that the HTML code was in fact a script which launches a javascript cryptocurrency miner that runs in your browser. All this happens in the background while the user browses content, the report said.  
Apart from this, the researchers noted that routers could have been targeted as owners did not change their default credentials or create strong passwords.