NAS Servers Infected With Crypto Malware Are Mining Monero

Over the past few years, there have been multiple versions of malware causing harm to computer users. But some of these tools will also attempt to mine cryptocurrency on behalf of the criminal. Several new types of crypto mining malware have been discovered recently, all of which target NAS servers. Not the most profitable way of mining cryptocurrency, but since it is entirely free for the criminal, it is worth a shot.

The new report released by SophosLabs goes to show cryptomining malware is still widespread. Although a lot of computational resources are required to mine Bitcoin efficiently, there are other ways to go about things. Criminals deploy malware with an embedded cryptocurrency mining toolkit which “borrows” resources provided by infected computers.

NAS Servers Can Mine Monero

While this does not mean criminals are mining Bitcoin through this method, it is a worrying scenario. As criminals manage to infect more computers every time, their chances of getting decent earnings increases. In most cases, the so-called altcoins are being mined, as they require less dedicated hardware to complete the process.

By targeting NAS systems, criminals have taken things one step further. Albeit these machines are far less powerful than the average desktop or laptop, they are also easier to abuse. To be more precise, hardly anyone will ever monitor the computational resources of their NAS, unless it is working very slowly for weeks on end. Even then, most people would just reboot the system and move on.

One currency that is actively mined through cryptomining malware is Monero. Thanks to the Mal/Miner-C malware, criminals can quietly infect computers and NAS servers. This malware can self-replicate, making it easier for criminals to infect thousands of machines in quick succession.

AsNAS systems are being targeted; criminals seem to prefer to exploit the Seagate Central Network Attached Storage. In fact, it is a commonly used distribution server for this malware, according to the research. At the same time, the source code is incapable of running on a Seagate Central device.

Source: Sophos

Header image courtesy of Shutterstock