The number of crypto-miner malware infections in Southeast Asia has fallen by at least 78 percent after a major Interpol operation. Police forces in several countries detected infected devices and informed the victims of the hacks.
The sharp decline followed what Interpol calls Operation Goldfish Alpha. During that operation, Interpol cooperated with the police forces of Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, the Philippines, Singapore, Thailand and Vietnam. Over nine months, the operation mapped where infected routers were located in those countries. This specifically concerned MikroTik routers, which have a known vulnerability. At least 20,000 routers were found to be running a cryptominer. According to Interpol, that number accounted for 18 percent of all infected routers worldwide.
The police forces worked together to track down the routers and then alert the victims. They also sent security updates for the routers to the victims so that those devices could no longer be included in the botnet. In this way, Interpol managed to reduce the number of infected routers by 78 percent. The police agency says it is still busy tracking down and cleaning up the routers.
Interpol cooperated with private security companies, in particular Trend Micro and the Cyber Defense Institute. They supported the operation with information and analysis about cryptojacking. In cryptojacking, a crypto miner is placed on a computer or IoT device, which then mines cryptocurrency. With large numbers of devices, criminals can earn a lot of money this way, especially if they manage to infect corporate networks. According to Interpol, cryptojacking is a crime that is often unknown to the police. “Operation Goldfish Alpha is also meant to gain more knowledge about cryptojacking, such as how to identify and prevent it,” writes Craig Jones, director of Interpol's cybercrime unit.