Compact NAS boxes are a great way to store and share files on your home network. They’re also a great way for criminals to extort cash from unsuspecting owners.Once they’re set up and happily hosting files, a lot of people who own a NAS don’t give them a second thought. Those same people might, say, enable a remote access feature so that they can access files and manage their NAS from afar like a vast number of Seagate Central owners did.According to Sophos, that simple act gave malware authors the vector they needed to infect the devices. Their payload has been dubbed Mal/Miner-C, and Sophos researchers note that it wasn’t specifically engineered to target Storage Central units — it just happened that the FTP vector that Mal/Miner-C exploits was left wide open on them.There was a simple way to batten down the hatches. Seagate made it so that public sharing couldn’t be disabled for whatever reason (let’s assume it was “for the convenience of the consumer”), but the password could be changed easily enough. Thousands of Storage Central owners didn’t bother doing that after they flipped the remote switch.That allowed Mal/Miner-C to coerce infected NAS boxes (and other infected machines) to mine for the Bitcoin alternative Monero. The Sophos report states that 2.5% of the all Monero mining activity is coming from Mal/Miner-C infections — and the ledger shows a cool $86,000 paid to its criminal master(s) so far.At the current hash rate, Sophos estimates that they’re capable of bringing in a little under $500 every day the malware keeps running. Another alarming figure: they’ve infected a huge majority of machines that are vulnerable.Out of the 7,263 systems Sophos found that met all the prerequisites for infection, a whopping 5,137 were infected. That’s over 70%. Yikes.
Powered By Impressive Business WordPress Theme