Share this article
Interpol Leads Operation to Tackle Cryptojacker Infecting Over 20,000 Routers
The international crime fighting agency led an operation to stem a plague of cryptocurrency mining malware afflicting computer routers across Asia.
Updated Sep 13, 2021, 12:07 p.m. Published Jan 9, 2020, 10:00 a.m.
International crime fighting agency Interpol has taken action to stem a plague of cryptocurrency mining malware afflicting computer routers across Asia.
STORY CONTINUES BELOW
According to a Wednesday blog post from TrendMicro, which assisted the operation, Interpol's Global Complex for Innovation (IGCI) in Singapore led a five-month effort to tackle the epidemic of the Coinhive cryptojacker that was installed by cybercriminals exploiting a vulnerability in MicroTik routers.
Dubbed Operation Goldfish Alpha, the action saw Interpol work with experts from national Computer Emergency Response Teams (CERTs) and police across 10 nations across Asia to identify infected routers and help victims remove the malware.
A release from Interpol identifies the countries as Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam. TrendMicro said it had prepared a guidance document that was used to guide victims in patching the vulnerability and uninstalling the miner.
At least 20,000 infected routers were found, a number that was reduced by at least 78 percent by the collaborative action when it ceased in November. Efforts are still continuing to remove the malware.
Private entity Cyber Defense Institute also assisted the operation, said Interpol.
“When faced with emerging cybercrimes like cryptojacking, the importance of strong partnerships between police and the cybersecurity industry cannot be overstated,” said Interpol director of cybercrime Craig Jones. “By combining the expertise and data on cyberthreats held by the private sector with the investigative capabilities of law enforcement, we can best protect our communities from all forms of cybercrime."
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
New React bug that can drain all your tokens is impacting 'thousands of' websites
Attackers are using the vulnerability to deploy malware and crypto-mining software, compromising server resources and potentially intercepting wallet interactions on crypto platforms.
What to know:
- A critical vulnerability in React Server Components, known as React2Shell, is being actively exploited, putting thousands of websites at risk, including crypto platforms.
- The flaw, CVE-2025-55182, allows remote code execution without authentication and affects React versions 19.0 through 19.2.0.
- Attackers are using the vulnerability to deploy malware and crypto-mining software, compromising server resources and potentially intercepting wallet interactions on crypto platforms.
Top Stories
