Source: mikrotik.com
Security researchers discovered at least three malware campaigns which exploited hundreds of thousands of routers. The affected routers are Mikro Tik routers which have not been upgraded with a security patch. The malware installs a crypto mining software program on computers which are connected to the affected router. They estimate that more than 210,000 routers have been compromised.
A vulnerability in the Winbox component of the Mikro Tik router was exploited by the hackers. The vulnerability was discovered within a day and a patch was created, the problem is that many of the device owners did not install the patch.
The flaw can allow the hacker to gain unauthenticated remote administrative access to the router. Once the access is gained, the hacker has access to all files and programs on the router. They have used this access to inject Coinhive's Javascript onto every web page that a user visits using the infected router. The scripting program is used to mine Monero without the users knowledge.