A number of Mikrotik routers of the sort previously hijacked by the USG for terrorism in Brazil have been pressed into service recruiting botnet miners (archived). Mikrotik routers deployed in carrier and end user application are injecting "Coinhive Javascript Monero Mining (TM)(R)" into http traffic passing through their routes. So far most of the affected routers and traffic have been centered in Brazil with some spread into other geographic regions.