Security firm, Sophos, discovered a malware named Mal/Miner-C, a software written in a scripting language (NSIS- NullSoft Scripting Install System) used to create Windows installers, on computers and NAS servers. The malware used these systems as leverage to mine Monero. Monero is an open source secure, private untraceable currency and it doesn’t require a huge amount of processing power, hence easier to mine. So this malware was using the infected system resources to do the mining and with so many systems, the Monero can add up pretty quick. But in order for it to work the user/client has to run the malware, which comes to them as a file that needs to be downloaded and with a little social engineering things can get a little hairy. What’s interesting is Mal/Miner-C abused FTP servers using software components that randomly generates ip addresses and attempts to connect to them using stored usernames and passwords. Once the malware was in the server, like a worm it copied itself into underlying folders and so on until every folder in the server contains the malware. Mal/Miner-C has also been affecting NAS storage devices, specifically Seagate Central. Although Seagate is not the target, it did expose a risk. Seagate allows remote access to private and public folders and if enabled, allows users to access their private folders remotely but also allows anybody to access and write to the public folder. Even further, the public folder cannot be deleted, so to be safe users has to forgo accessing their files remotely altogether.
http://www.securityweek.com/nas-devices-used-spread-cryptocurrency-mining-malware
https://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/Cryptomining-malware-on-NAS-servers.pdf?la=en
https://getmonero.org/home
This is just the tip of the Ice berg so to speak. As IoT (Internet of Things) expands we are likely to see this story repeated often, Many IoT devices sit on the internet and have severe vulnerabilities. We are already seeing them leveraged for DDoS attacks.
Wade