Interpol hacks cryptomalware that infected millions of routers worldwide

Interpol, in collaboration with other agencies, has dealt a severe blow to cybercrime in Asia. The international agency announced the successful conclusion of Operation Goldfish Alpha, which was supported by the information security firm Trend Micro as well as law enforcement agencies and incident response teams in more than 10 countries. The operation focused on the elimination of Coinhive, a cryptocurrency mining malware (aka cryptomalware), which was eradicated from nearly 20k routers.

For half a year, the Interpol Global Complex for Innovation (IGCI) worked to detect and remove this malware variant, which had been installed on hundreds of thousands of MikroTik routers and caused large-scale infections in multiple Asian countries, such as Brunei, Cambodia, Indonesia, Malaysia, the Philippines, Singapore and Thailand.

Moreover, Trend Micro information security experts prepared a number of guidance documents for victims of cryptocurrency mining malware, so thousands of users learned how to update their routers and uninstall the malware. Operation Goldfish Alpha concluded at the end of 2019, although thousands of infected devices remain in Asia and the rest of the world.

The international agency estimates that the operation managed to eradicate about 18% of Coinhive infections worldwide, so the current number of routers still running this cryptomalware, i.e. those that have not yet been updated by their administrators, is expected not to exceed 110k units.

It should be remembered that this attack, known as cryptojacking, depends on the processing power of the infected machines. Because a single router has minimal computing power, hackers must compromise tens of thousands of routers to reach processing power equivalent to that of a network of a few computers.

According to information security specialists, their weak security settings, together with their worldwide use, make routers one of the main targets of threat actors that use cryptojacking to generate profits. Although the revenue generated by this attack is not high, very few resources are required to infect tens of thousands of devices, which makes it a very lucrative attack variant.

The number of cryptomalware infections has decreased over the last two years, as the latest antivirus tools are able to identify these malicious programs. However, an information security report from the International Institute of Cyber Security (IICS) states that threat actors have not stopped and keep developing new and more efficient methods of infection.

Last year, malicious hackers demonstrated their ability to reinvent themselves, developing infection methods based on steganography that allow them to hide malicious software in images, PDF files and even WAV-format audio samples, with the purpose of evading detection by antivirus software and infecting as many devices as possible. Whether used to deploy cryptojacking campaigns or to build gigantic botnets for other attack variants, experts consider it highly likely that steganography-based attacks will reach record levels of activity during 2020.