
Miner-C Malware Sets Its Sights on Seagate NAS Devices

Posted: September 10, 2016

Researchers Estimate That Around 70% of All Seagate NAS Drives Are Infected with Miner-C Malware

Miner-C has been around for a few months now and was first detected by a security firm called GuardCore. A close inspection of Miner-C revealed that the malware displayed characteristics typical for worms. Initially, it targeted FTP servers with open FTP ports. Once it found a host, Miner-C would proceed towards brute-forcing its way into other servers using a list of default login credentials. Its ultimate goal is to use infected machines in order to mine for cryptocurrency.

The criminals' cryptocurrency of choice is Monero, and there's a very good reason for this. As you probably know, Bitcoin is the best-known cryptocurrency, but due to various complicated reasons, profitable mining can only happen if you have special equipment or a data center. Ordinary PCs won't do the trick. By contrast, mining Monero on home machines (provided you have hundreds of them) is still a viable way of making money.

The cryptocurrency market is volatile at best, and there may come a time when Monero will be just as difficult to mine as Bitcoin. Miner-C malware is written in such a way, however, that even then it will be able to give its developers a chance to make some easy money. Researchers from Sophos recently inspected the source code and found out that changing the payload won't be that difficult. Fundamentally, with a few lines of code, the threat actors can stop the Monero mining process and use Miner-C to drop ransomware, for example. Thanks to this, the malware is also able to avoid most of the security solutions.

Sophos experts uncovered another interesting feature. As it turns out, Miner-C no longer targets FTP servers only. It has now turned its attention to Seagate's Network Attached Storage (NAS) devices. These devices offer users the chance to back up important data on Seagate's drive and access it over the internet whenever they like. It's like a personal cloud storage device.

Different people can have different accounts on the same Seagate NAS. Each account has its own folder which is accessible only with a username and password. There's also a public folder, however, which can be seen by virtually anyone. That's where Miner-C comes in.

The malware can place a script file called "photo.scr" in the public folder. The file uses Windows' default folder icon, which, coupled with the fact that Windows has the strange habit of hiding the file extensions by default, means that to ordinary users, photo.scr may look like a folder that probably contains some pictures. If they try to open it, they will initiate the script which will download the cryptocurrency mining software.
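A defender's check for the lure described above, added here as an example (not code from Sophos or from this article): it walks a mounted share and flags files with directly executable extensions such as .scr, and goes slightly beyond the article by also flagging Windows executables hidden behind other extensions. The extension list, function names and sample files are assumptions constructed for the illustration.

```python
import os
import tempfile

# Extensions Windows executes on double-click; .scr is the one the article names.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif"}

def looks_like_pe(path):
    """True if the file has an MZ header whose e_lfanew points at a PE signature."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return False
            fh.seek(int.from_bytes(head[0x3C:0x40], "little"))  # e_lfanew
            return fh.read(4) == b"PE\0\0"
    except OSError:
        return False

def scan_share(root):
    """Return sorted (relative path, reason) pairs for suspicious files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            is_pe = looks_like_pe(full)
            if os.path.splitext(name)[1].lower() in EXECUTABLE_EXTS:
                reason = "executable extension" + (" (PE image)" if is_pe else "")
            elif is_pe:
                reason = "PE image behind non-executable extension"
            else:
                continue
            findings.append((os.path.relpath(full, root), reason))
    return sorted(findings)

def build_sample_share(root):
    """Constructed test data: a 68-byte PE-shaped stub, not real malware."""
    stub = b"MZ" + b"\0" * 58 + (64).to_bytes(4, "little") + b"PE\0\0"
    samples = {"Public/photo.scr": stub,                       # the lure
               "Public/holiday/beach.jpg": b"\xff\xd8\xff\xe0" + b"\0" * 64,
               "Public/holiday/notes.jpg": stub}               # renamed executable
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:  # stands in for the mounted share
        build_sample_share(share)
        print(*scan_share(share), sep="\n")
```

To check a real device, call `scan_share` on the path where the NAS public folder is mounted instead of the temporary sample directory.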

According to Sophos, by utilizing this relatively simple social engineering technique, Miner-C's creators were able to infect about 5,000 devices which represent 70% of all Seagate NAS drives connected to the Internet at the time of the research. The criminals were also able to obtain at least $86,700 worth of Monero, which isn't a bad paycheck.

Perhaps the worst thing about the Miner-C malware is the fact that Seagate NAS users can do nothing about it. Disconnecting the device from the Internet will stop the infection, but it will also turn a rather expensive machine into nothing more than a glorified flash drive.
