Bitcoin (cryptocurrency) mining malware is back, and with more vengeance than before.
Research by security experts at Sophos suggests that countless Seagate Central NAS devices are carrying cryptocurrency mining malware. The malicious software has been dubbed Miner-C. The malware uses the NAS drives as a repository for infecting other devices rather than infecting the drives themselves.
A certain flaw in the NAS devices has allowed hackers to plant this malware on Seagate Central devices. According to the security researchers' analysis, approximately 70% of devices around the world are harboring cryptocurrency mining malware.
Researchers had identified this malware back in June, but it is now infecting Seagate Central devices and posting a copy of itself to publicly accessible folders. All the NAS devices contain a public folder that can be accessed by anyone, even unidentified or anonymous users. Moreover, this folder can be neither deactivated nor deleted.
The attackers place a copy of a file named Photo.scr, whose icon looks like a genuine Windows folder icon. When somebody clicks on it, it immediately installs a cryptocurrency mining application on that system; the malware file is never executed on the NAS itself. Afterward, the targeted system is used to mine Monero, a type of cryptocurrency.
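A defender can check a mounted share for this pattern. The following Python code is an added example, not code from Sophos or from the original article: it walks a folder tree and flags files named Photo.scr, plus any other file that starts with the Windows executable magic bytes `MZ`. The extension list, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Extensions Windows runs on double-click; .scr is the one the article names.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif"}
DROPPER_NAME = "photo.scr"  # file name reported in the article
PE_STUB = b"MZ" + bytes(62)  # constructed dummy header, not a real program

def is_pe(path):
    """True if the file starts with 'MZ', the magic of a Windows executable."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False

def scan_share(root):
    """Walk a mounted share and return sorted (relative_path, reason) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            ext = os.path.splitext(name)[1].lower()
            if name.lower() == DROPPER_NAME:
                findings.append((rel, "file name reported for Miner-C"))
            elif is_pe(full):
                kind = "expected" if ext in EXECUTABLE_EXTS else "misleading"
                findings.append((rel, f"Windows executable, {kind} extension"))
    return sorted(findings)

def build_sample_share(root):
    """Constructed sample tree standing in for a NAS public folder."""
    samples = {
        "Photo.scr": PE_STUB,
        os.path.join("Holiday", "Photo.scr"): PE_STUB,
        os.path.join("Holiday", "beach.jpg"): b"\xff\xd8\xff\xe0JFIF",
        os.path.join("Docs", "invoice.pdf"): PE_STUB,  # executable posing as a PDF
    }
    for rel, data in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:
        build_sample_share(share)
        print(*scan_share(share), sep="\n")
```

Point `scan_share` at the mount point of the NAS public folder; a hit on the file name alone still needs manual review, since the check does not inspect the file beyond its first two bytes.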
A senior threat researcher at Sophos, Attila Marosi, stated in a blog post that,
“The malware generates a new initialization file when it is launched, it helps the malware avoid security solutions. It also gives the botnet operators a chance to change the payload of the threat in the future, for example, dropping ransomware to the victim’s machine after the mining business is no longer profitable.”
This malware uses misconfigured FTP servers to spread across Seagate Central devices. While investigating, the researchers identified 7263 Seagate Central devices that were serving as active servers. These devices also had write access enabled. Out of the 7263 devices, almost 70%, that is, 5137 devices, were already infected with Miner-C. This means hackers have already raked in €76,000 (£64,000) with the help of this malware.
As per Marosi, the reason why hackers have chosen Monero as Bitcoin is that it is relatively easier to mine in comparison to the new cryptocurrencies.
Previously, a uTorrent software update was also found installing similar cryptocurrency malware on users' devices. Currently, Linux devices are also under attack by the Linux.Lady malware, whose sole purpose is to install Bitcoin mining software and make money out of the bandwidth of an infected device.
Source: Sophos, https://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/Cryptomining-malware-on-NAS-servers.pdf?la=en