Interpol Leads Operation to Tackle Cryptojacker Infecting Over 20,000 Routers

International crime fighting agency Interpol has taken action to stem a plague of cryptocurrency mining malware afflicting computer routers across Asia.

According to a Wednesday blog post from TrendMicro, which assisted the operation, Interpol's Global Complex for Innovation (IGCI) in Singapore led a five-month effort to tackle the epidemic of the Coinhive cryptojacker that was installed by cybercriminals exploiting a vulnerability in MicroTik routers.

Dubbed Operation Goldfish Alpha, the action saw Interpol work with experts from national Computer Emergency Response Teams (CERTs) and police across 10 nations across Asia to identify infected routers and help victims remove the malware.

A release from Interpol identifies the countries as Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam. TrendMicro said it had prepared a guidance document that was used to guide victims in patching the vulnerability and uninstalling the miner.

At least 20,000 infected routers were found, a number that was reduced by at least 78 percent by the collaborative action when it ceased in November. Efforts are still continuing to remove the malware.

Private entity Cyber Defense Institute also assisted the operation, said Interpol.

“When faced with emerging cybercrimes like cryptojacking, the importance of strong partnerships between police and the cybersecurity industry cannot be overstated,” said Interpol director of cybercrime Craig Jones. “By combining the expertise and data on cyberthreats held by the private sector with the investigative capabilities of law enforcement, we can best protect our communities from all forms of cybercrime."