A large cryptojacking scheme is spreading from Brazil to the rest of the world. 200,000 MikroTik routers are currently infected with malware that secretly runs an XMR mining script in the background.
The hack was first described by a computer security researcher at Trustwave, who noticed a large surge in the use of CoinHive.
It appears that the attacker used a zero-day bug, a known exploit affecting all MikroTik routers. MikroTik patched the bug within a day of its discovery, but countless routers have yet to be updated and remain vulnerable. That gave the hacker an attack vector that has already reached hundreds of thousands of routers and will likely continue spreading.
Affected routers run the script in the background while trying to inject it into any website visited, surreptitiously mining Monero for the original hacker.
Chepicap has already reported that cryptojacking has replaced ransomware as the crypto threat to watch, and this is a perfect example of how far a motivated hacker can spread malicious scripts.
Check whether you have a MikroTik router. If you do, make sure that it has the most recent update so that you are safe from the cryptojacking attack.