Malware that infects Seagate's NAS and secretly uncovers the virtual currency will be discovered

Manufactured by Seagate, a major hard disk manufacturerNASThe vulnerability was infected, malware was discovered that secretly connects the machine power of the connected PC and uses it as a resource for discovering the virtual currency. It is estimated that virtual currencies of more than $ 88,000 (about 9 million yen) have already been discovered at market price.

Cryptomining-malware-on-NAS-servers.pdf
(PDF file)https://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/Cryptomining-malware-on-NAS-servers.pdf

Thousands of infected FTP servers net attackers $ 88k in cryptocurrency | Ars Technica
http://arstechnica.com/security/2016/09/thousands-of-infected-ftp-servers-net-attackers-88k-in-cryptocurrency/

Anti-malware serviceSophosVia the Seagate made NAS, sneak out the machine power of the PC connected to the NAS "virtual currency"MoneroWe reported that we found malware to use for mining.

BitcoinMonero is said to be easier to mining than it is, the market price is rising.


The malware in questionSeagate CentralIt is confirmed that it is infected by using the vulnerability existing in Seagate's NAS program. According to Sophos, Seagate Central has a vulnerability that allows malicious users to access files remotely, and if users mistakenly click on a file uploaded by an attacker, it infects malware and infects malware The PC will start mining the Monero in the background.


Among the infected PCs, the biggest "earnings" per power consumption seems to be the model with GeForce GTX 750Ti on the graphic board.


Infected terminals are spreading all over the world including Japan, and infection has already been confirmed with more than 3000 terminals.


Researcher Attora Marosil of Sophos said the infected PC mined Monero for 481 dollars a day (about 49,000 yen), and total about 80,000 dollar (about 9 million yen) virtual currency I guess the attacker got it.


Malware found this time has no self-diffusion capability and only infects via Seagate Central. Also, damage caused by actually increasing the amount of damage to machinery resources by electricity bills is not large. Sophos, however, points out the possibility that this type of cybercrime damage will expand in the future due to negligence of NAS security measures, since the majority of NAS users validate external data writing.