Attacker earned over $600,000 from his haul of the crypto filthy lucre.
Hundreds of Synology’s powerful network-attached storage (NAS) devices were hijacked to mine Dogecoin in what a Dell Secureworks researcher is calling the “single most profitable, illegitimate mining operation” in history.
The attacker, who goes by the alias of “Folio” according to Dell’s researchers, used a known exploit in versions 4.3 and 4.2 of Synology’s DiskStation Manager (DSM) operating system to install the mining malware, a version of CPUMINER built specifically for Synology’s OS, into a folder brazenly named “PWNED” on the device.
Users on Synology’s support forum first reported massive slowdowns and drops in their device’s performance back in February. The bug itself was first exposed in a SecurityFocus posting back in September.
Before the bug was patched, vulnerable NAS devices could simply be found by Googling for specific related keywords.
“Back in October of 2013, simply Googling for “site:synology.me” resulted in excess of one million results. While this doesn’t sound like a lot of results (as far as the number of results that Google can return), it is unique in meaning.others). By going to “something.synology.me”, the user is routed directly to their NAS,” Dell Secureworks researcher Pat Litke wrote in a blog post.
Synology has since fixed the bug that allowed the malware to be installed.
“In February, we released a patch for DSM 5.0beta to resolve the issue. In February we also started getting a lot of support tickets for mining that happened on units that had not updated their DSM. The result: we made auto-updates the default behavior for the OS. We’ve been updating regularly, because we are now targets,” a Synology rep is quoted as saying to the press.
To get $600,000, the attacker had to mine 500 million Doge. The smallest unit of Doge’s currency, 1,000 Doge, is worth 0.35 cents.
Source: Dell Secureworks