Malware Infects 70% of Seagate Central NAS Drives, Earns $86,400 (softpedia.com)

An anonymous Slashdot reader writes: A new malware family has infected over 70% of all Seagate Central NAS devices connected to the Internet. The malware, named Miner-C or PhotoMiner, uses these hard-drives as an intermediary point to infect connected PCs and install software that mines for the Monero cryptocurrency... The crooks made over $86,000 from Monero mining so far.

The hard drives are easy to infect because Seagate does not allow users to delete or deactivate a certain "shared" folder when the device is exposed to the Internet. Over 5,000 Seagate Central NAS devices are currently infected.

Researchers estimate the malware is now responsible for 2.5% of all mining activity for the Monero cryptocurrency, according to the article. "The quandary is that Seagate Central owners have no way to protect their device. Turning off the remote access NAS feature can prevent the infection, but also means they lose the ability to access the device from a remote location, one of the reasons they purchased the hard drive in the first place."
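The story's mechanism is a public share on a NAS being used as a drop point for executables that infect the PCs mounting it. A defender's first check is whether a share meant for photos and documents contains Windows executables at all, regardless of file extension. The script below is an added example, not code from the article, from Seagate, or from the malware analysis it cites; the share path, the directory layout and the file names it creates are constructed sample data, and it identifies executables by the DOS "MZ" header rather than trusting extensions.

```python
"""Audit a mounted NAS share for Windows executables that do not belong there.

Added example. SHARE_ROOT-style paths and the sample tree built by
build_sample_share() are constructed for demonstration; point
find_pe_files() at a real mounted share directory to use it.
"""
import os
import tempfile

PE_MAGIC = b"MZ"  # DOS stub header that every Windows PE executable starts with


def find_pe_files(share_root):
    """Return sorted, '/'-separated relative paths of files under share_root
    whose first two bytes are 'MZ', i.e. PE executables whatever their extension."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(share_root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(2)
            except OSError:
                # unreadable file (permissions, vanished mid-walk): skip, do not abort the audit
                continue
            if head == PE_MAGIC:
                rel = os.path.relpath(path, share_root).replace(os.sep, "/")
                hits.append(rel)
    return sorted(hits)


def build_sample_share():
    """Construct a throwaway share tree (sample data, not a real infection)
    with two benign files and one executable hiding behind a screensaver extension."""
    root = tempfile.mkdtemp(prefix="nas_share_")
    photos = os.path.join(root, "Photos")
    os.makedirs(photos)
    with open(os.path.join(photos, "holiday.jpg"), "wb") as fh:
        fh.write(b"\xff\xd8\xff\xe0" + b"\x00" * 16)  # JPEG SOI marker + padding
    with open(os.path.join(photos, "readme.txt"), "wb") as fh:
        fh.write(b"family pictures\n")
    with open(os.path.join(photos, "vacation.scr"), "wb") as fh:
        fh.write(PE_MAGIC + b"\x90" * 62)  # constructed PE-looking stub, not malware
    return root


if __name__ == "__main__":
    root = build_sample_share()
    for rel in find_pe_files(root):
        print("unexpected executable in share:", rel)
```

Run it against the mounted share directory on a schedule; any hit in a share that is not supposed to hold software is worth quarantining and, as the article suggests, a reason to reconsider whether the remote access feature needs to stay on.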

1 of 98 comments

  1. Re:Really? by damn_registrars · Score: 5, Informative

    Once again, exposing various things directly to the Internet is a Bad Thing.

    Indeed it is, but it likely isn't really exposed "directly to the Internet". More likely it runs some service through a Seagate server that makes it available (likely by default, no less). After all, this is designed for home users and how many home users even would know how to modify their router's default rules to expose a specific port on a specific system to the internet?

    claiming device owners "have no way to protect their device" is bullshit.

    Well, if the first thing it does out of the box is call home to Seagate to give owners remote access to their files through the magical Seagate cloud, then the statement might be pretty darned accurate. These drives most likely default to getting addresses by DHCP on the user's network, and the user most likely gets their outside address by DHCP from their ISP. These hackers likely aren't finding these drives to be exposed directly, but rather to be exposed via Seagate. And considering the (lack of) quality that is Seagate these days, the drives probably have some terrible default password as well that makes it trivially easy for a hacker to get in.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.