Thousands of infected FTP servers net attackers $88k in cryptocurrency

From ArsTechnica:

Attackers are draining the CPU and power resources of more than 5,000 file transfer protocol servers by infecting them with malware that surreptitiously mints the relatively new cryptocurrency called Monero, researchers said.

A notable percentage of the 5,137 infected servers are powered by Seagate Central, a network-attached storage device that allows users to remotely retrieve files using FTP connections, according to a report published Friday by researchers from antivirus provider Sophos. The Seagate device contains a weakness that allows attackers to upload malicious files to any device that has been configured to allow remote file access, the report said. Once users inadvertently click on the malicious files, their systems are infected with Mal/Miner-C, the malware that mines the Monero coins.

Sophos Senior Threat Researcher Attila Marosi estimated that Mal/Miner-C has already mined Monero coins valued at 76,599 Euros (about $88,347) and has the ability to earn about $481 each day. While new crypto coins sold on the open market don’t always fetch their entire estimated value, the earnings are nonetheless significant, since virtually all the hardware and electricity costs are borne by the people hosting the infected servers. The researcher went on to calculate that the infected servers comprised about half of the pool. The estimate was based on the infected servers having the capacity to generate 431,000 hashes per second when mining Monero coins, while the overall pool as measured by was 861,000 hashes per second. That translated to about 2.5 of the entire mining community.

The malware has no known abilities to spread automatically. Instead it takes advantage of FTP servers that allow anonymous users to upload to …