Menu
Thousands of Seagate NAS boxes host cryptocurrency mining malware

Thousands of Seagate NAS boxes host cryptocurrency mining malware

If configured for remote access, the devices expose a writable FTP directory to the Internet that attackers can abuse

Thousands of publicly accessible FTP servers, including many from Seagate network-attached storage devices, are being used by criminals to host cryptocurrency mining malware.

Researchers from security vendor Sophos made the discovery when they investigated a malicious program dubbed Mal/Miner-C, which infects Windows computers and hijacks their CPUs and GPUs to generate Monero, a bitcoin-inspired cryptocurrency.

With most cryptocurrencies, users can generate new units by devoting their computing resources to solving complex math problems needed to validate transactions in the network. This process, known as "mining," provides an incentive for attackers to hijack other people's computers and use them for their own gain.

Bitcoin mining malware used to be widespread some years ago, but as the cryptocurrency's network grew, mining became more difficult and using personal computers, which have limited computing resources, stopped being profitable. Some malware writers, like those behind Mal/Miner-C, have now turned their attention to newer cryptocurrencies, like Monero, that are easier to mine.

The Sophos researchers found that Mal/Miner-C does not have an automatic infection mechanism and instead relies on users to execute the malicious program. As such, it is distributed via downloads through compromised websites, but also through open FTP servers.

Attackers scan for FTP servers that are accessible from the internet and attempt to log in with default and weak credentials or with anonymous accounts. If successful, they verify that they have write access on the server and copy the malware in all of the available directories.

This explains why Sophos counted more than 1.7 million Mal/Miner-C detections over the past six months from about 3,000 systems. Most of the affected systems were FTP servers that hosted multiple copies of the malware in different directories.

The researchers used an internet scanning engine called Censys to identify public FTP servers that allow anonymous access with write privileges. They found 7,263 such servers and determined that 5,137 of them had been contaminated with Mal/Miner-C.

Another interesting discovery was that many of those FTP servers were running on Seagate Central NAS devices. While this malware threat does not specifically target such devices, it turns out that Seagate Central's configuration makes it easier for users to expose insecure FTP servers to the Internet.

By default, the Seagate Central NAS system provides a public folder for sharing data, the Sophos researchers said in a paper published Friday. This public folder cannot be disabled and if the device administrator enables remote access to the device, it will become accessible to anyone on the Internet, they said.

FTP servers that have been compromised by Mal/Miner-C contain two files, called Photo.scr and info.zip. Photo.scr is a Windows executable file, but its icon masquerades as that of a Windows folder to trick users into accidentally executing it.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags nasBitcoincrypto currencies

Featured

Slideshows

Meet the leading female front runners of the Kiwi channel

Meet the leading female front runners of the Kiwi channel

Reseller News honoured the leading female front runners of the New Zealand channel at the 2018 Women in ICT Awards (WIICTA) in Auckland. The awards honoured standout individuals across seven categories, spanning Entrepreneur; Innovation; Rising Star; Shining Star; Community; Technical and Achievement.

Meet the leading female front runners of the Kiwi channel
Meet the top performing customer-centric Microsoft channel partners

Meet the top performing customer-centric Microsoft channel partners

Microsoft honoured leading partners across the channel following a year of customer innovation and market growth in New Zealand. The 2018 Microsoft Partner Awards recognised excellence within the context of the end-user, spanning a host of emerging and established providers.

Meet the top performing customer-centric Microsoft channel partners
Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Show Comments