A Russian hacker who calls himself "Alexey" is infiltrating insecure networks and adding security patches to Latvian-made MikroTik routers so they "can't be abused by cryptojackers, botnet herders, or other cyber-criminals," reports ZDNet. Alexey claims to have secured over 100,000 MikroTik routers so far. A security expert told ZDNet that over 420,000 MikroTik routers have been hijacked to mine cryptocurrency on the sly.
Alexey has not been trying to hide his actions and has boasted about his hobby on a Russian blogging platform. He says he accesses routers and makes changes to their settings to prevent further abuse.
"I added firewall rules that blocked access to the router from outside the local network," Alexey said. "In the comments, I wrote information about the vulnerability and left the address of the @router_os Telegram channel, where it was possible for them to ask questions."
But despite adjusting firewall settings for over 100,000 users, Alexey says that only 50 users reached out via Telegram. A few said "thanks," but most were outraged.
The vigilante server administrator says he's been only fixing routers that have not been patched by their owners against a MikroTik vulnerability that came to light in late April.