Share this article
Attacker Installs Crypto Mining Malware on Over 170,000 Devices
Coinhive was installed on more than 170,000 devices in Brazil last month.
Updated Sep 13, 2021, 8:16 a.m. Published Aug 9, 2018, 5:00 p.m.
More than 170,000 devices in Brazil were targeted in a cryptojacking attack last month.
According to a blog post published by security firm Trustwave, a wide-scale cyberattack was launched on MicroTik routers. The effort led to the installation of the Coinhive mining software in a "mass" infection of more than 17,000 devices.
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
Trustwave security researcher Simon Kenin wrote that all of the devices used "the same sitekey," indicating that one entity reaped the mined tokens from all of the devices.
He wrote:
"This attack may currently be prevalent in Brazil, but during the final stages of writing this blog, I also noticed other geo-locations being affected as well, so I believe this attack is intended to be on a global scale."
According to a previous post by Trustwave, also co-authored by Kenin, Coinhive gained traction in 2017 as a service that claimed to provide monetizing solutions for websites without using any advertisements. Instead, site owners were to embed JavaScript code that would take hold of the central processing unit (CPU) power of site visitors to mine the cryptocurrency monero.
However, mining reportedly ended up costing site visitors up to 99 percent of their CPU processing power, leading to further issues for consumers as their devices generated more heat and used up large amounts of electricity.
Trustwave has since released a detection tool to block the mining malware, and as Kenin explains in his most recent post, readers should heed his "warning call" and patch any MikroTik devices "as soon as possible," emphasizing that the severity of the attacks could reach "hundreds of thousands" of consumers around the globe.
Kenin also reports that illicit cryptocurrency mining operations such as these are "a trend we've been seeing a lot of over the last three years, as attackers shift from ransomware into the world of miners."
Such sentiments are being echoed by other cybersecurity firms such as Skybox Security which also reported in their 2018 mid-year update that among cybercriminals, crypto mining now accounted for 32 percent of all cyberattacks, with ransomware making up 8 percent.
Typing image via Shutterstock
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
Bitcoin’s Deep Correction Sets Stage for December Rebound, Says K33 Research
K33 Research says market fear is outweighing fundamentals as bitcoin nears key levels. December could offer an entry point for bold investors.
What to know:
- K33 Research says bitcoin’s steep correction shows signs of bottoming, with December potentially marking a turning point.
- The firm has argued that the market is overreacting to long-term risks while ignoring near-term signals of strength, like low leverage and solid support levels.
- With likely policy shifts ahead and cautious positioning in futures, K33 sees more upside potential than risk of another major collapse.
Top Stories
