Some Seagate Network Attached Storage Devices May Be Hosting Malware

October 3, 2016 | May 25th, 2021 | Blog, Cybersecurity

Thousands of publicly accessible FTP servers, including a number running on Seagate network-attached storage devices, have been broken into and corrupted, and are currently hosting cryptocurrency-mining malware. This is according to the latest report released by security researchers from Sophos.

The research team made the discovery when they were tracking a malicious program called Mal/Miner-C, which infects machines and hijacks systems to generate Monero, which is a cryptocurrency similar to Bitcoin, but whose units are more easily mined.

Bitcoin used to be the target of choice for hackers who would infect computers around the world and use their processing power to solve the complex mathematical equations used to generate additional units of the currency.

Unfortunately, as Bitcoin’s network grew and became increasingly complex, mining became correspondingly more difficult, which made utilizing personal computers for currency generation unprofitable. In response, the hackers began casting about for an alternative currency that was easier to mine. Their new top choice is Monero.

The attack begins when hackers scan for FTP servers that are internet accessible. Armed with a list, they try to log in using default or weak credentials, or perhaps with anonymous accounts. Once they gain access, they verify that they have write access and, if so, place a copy of the malware in every directory on the machine.

The one thing the current version of Mal/Miner-C doesn’t have is a means to run automatically. In order to run, it has to disguise itself as a mundane program in the hope of fooling a user into running it manually.
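The replication behaviour described above, a copy dropped into every writable directory, leaves a footprint that a storage administrator can check for. The following is an added example, not code from Sophos or from the original post: it walks a share and flags any file content that appears in most of its directories. The function names and the thresholds are assumptions chosen for illustration.

```python
import hashlib
import os
from collections import defaultdict


def file_digest(path, chunk=1 << 20):
    """SHA-256 of a file, read in chunks so large files do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_replicated_files(root, min_fraction=0.8, min_dirs=3):
    """Return [(digest, sorted paths)] for file content that is present in at
    least min_fraction of all directories under root (and at least min_dirs)."""
    all_dirs = set()
    dirs_by_digest = defaultdict(set)
    paths_by_digest = defaultdict(list)
    for dirpath, _dirnames, filenames in os.walk(root):
        all_dirs.add(dirpath)
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                if os.path.getsize(path) == 0:
                    continue  # empty placeholder files are not interesting
                digest = file_digest(path)
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            dirs_by_digest[digest].add(dirpath)
            paths_by_digest[digest].append(path)
    # Assumed heuristic: identical bytes in nearly every directory is abnormal.
    threshold = max(min_dirs, min_fraction * len(all_dirs))
    hits = [(digest, sorted(paths_by_digest[digest]))
            for digest, dirs in dirs_by_digest.items() if len(dirs) >= threshold]
    return sorted(hits, key=lambda hit: -len(hit[1]))


if __name__ == "__main__":
    import sys
    share_root = sys.argv[1] if len(sys.argv) > 1 else "."
    for digest, paths in find_replicated_files(share_root):
        print(f"{digest[:16]}  replicated in {len(paths)} locations, e.g. {paths[0]}")
```

Run it against the FTP root of the device. Identical per-directory files placed by the system itself can also match, so review each hit before removing anything.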

So, how big is the problem?

Sophos counted more than 1.7 million Mal/Miner-C detections over the last six months, coming from more than three thousand different systems. Most of the impacted systems had multiple running instances of the software, residing in different directories.

Using an internet scanning engine called Censys, they found more than seven thousand public FTP servers on the net and were able to determine that 5,137 of them had been infected with Mal/Miner-C. While not a common problem, if you have a public FTP server that has seemed sluggish or slow, this could be the reason.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over 20 years. He believes that having a great work environment and a supportive team is the ultimate key to success. During his more than 25 years in the IT realm, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor’s degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMware VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.