Hacking into NAS (network attached storage) devices commonly used on home networks a hijacker has managed to mine about $200,000 in Dogecoin at current market rates (1000 Doge = $0.35). NAS boxes manufactured by Synology where targeted to create a botnet of infected devices. The combined computing power of the storage servers was directed at a private pool which was mining Dogecoin. The hijacker generated approximately 500 million Dogecoin between Janurary and April through which users of the Synology NAS boxes reported poor performance on their devices and high CPU usage reading even when the devices were supposedly idle.
Secureworks, the subsidiary of Dell which uncovered the issue, reported:
“As early as February 8th of this year, computer users began to notice their Synology Network Attached Storage (NAS) boxes were performing sluggishly and had a very high CPU usage… To date, this incident is the single most profitable, illegitimate mining operation.”
Investigators found a process named “PWNED” which was the mining software on infected devices, which was reported to Synology via Facebook way back in February. Purportedly the hijack would not have been as obvious upon closer inspection if it were not named as such. The hacker gained access to the file servers through known issues on devices that had not been patched with the latest updates.
The Secureworks blog post which details the exploit tells us that the username used in the mining software configuration file was “folio” that leads to German speaking accounts on Github and Bitbucket, which appear to belong to somebody who is no stranger to malware and system exploits.
Although the NAS boxes only have a barebones CPU, which has about the same power if not less than a smartphone, when enough of them where used together they had the capacity to mine a huge amount of Dogecoin, this is a testament to how widespread this hijack was. Presumably the hijacker chose to mine Dogecoin for this exploit as it would prove much more profitable than Bitcoin, for example, which has a much higher network difficulty and is only seriously mined with ASIC devices at this stage.
These types of mining botnets have cropped up in all sorts of places. Recent game Watch Dogs had a pirate torrent uploaded in May that would install a pirated version of the game, but also installed trojan software to use your gaming PC’s fancy GPU as part of a mining operation. Mining software has even been found in seemingly legit apps on the Google Play app store and security camera DVRs, although this is an incredibly inefficient way to mine cryptocurrency that usually uses more money in electricity than it produces this is, of course, not a concern of the hacker.
Affected consumers can now find discussion and instructions on how to patch the hijack and exploit on their device over at the Synology Forums.