Thousands of unpatched MikroTik Routers are involved in new cryptocurrency mining campaigns. The exploit code for the CVE-2018-14847 vulnerabilities is becoming a commodity in the hacking underground. The campaign started in Brazil, but it is rapidly expanded to other countries. More than 370,000 of 1.2 million routers are still vulnerable to the exploit because owners have not updated them. Researchers scanned the Internet for vulnerable devices, they found more than 5,000K devices with open TCP/8291 port and 1,200k of them are Mikrotik devices, within which 370k are vulnerable.”]
Source: https://securityaffairs.co/wordpress/76084/hacking/mikrotik-routers-cryptomining.html