Cybersecurity firm Trend Micro has collaborated with the international crime-fighting agency Interpol in fighting cryptocurrency mining malware afflicting routers across Asia, the company said in a blog post on 8 January.
According to the announcement, Interpol’s Global Complex for Innovation (IGCI) in Singapore has spent five months tackling the epidemic of the Coinhive cryptojacker, which was installed on MikroTik routers thanks to a vulnerability. The malware was used by cybercriminals, who used their victims’ resources to mine cryptocurrency.
Trend Micro created a “Cryptojacking Mitigation and Prevention” guidance document in June 2019, which explained how a vulnerability in home and enterprise routers led to thousands of devices being infected in the region. The document also detailed how victims could use the Trend Micro software to detect and remove the malware.
Following the release of the document, “Operation Goldfish Alpha” began, which saw Interpol interact with experts from national Computer Emergency Response Teams (CERTs), as well as with police from 10 nations across Asia, to identify and help victims of infected routers.
The press release further states that over 20,000 routers were identified as affected but were later restored through the combined effort, reducing the number of infected devices in the region by 78 percent. The Cyber Defense Institute also provided assistance with the operation, with Craig Jones, the Director of Cybercrime for Interpol, saying:
“When faced with emerging cybercrimes like cryptojacking, the importance of strong partnerships between police and the cybersecurity industry cannot be overstated. By combining the expertise and data on cyberthreats held by the private sector with the investigative capabilities of law enforcement, we can best protect our communities from all forms of cybercrime.”
All MikroTik routers that used the company’s proprietary RouterOS have been affected by this vulnerability, with Trend Micro reporting that the attackers used the affected devices to mine Monero (XMR).