If configured for remote access, the devices expose a writable FTP directory to the Internet that attackers can abuse Thousands of publicly accessible FTP servers, including many from Seagate network-attached storage devices, are being used by criminals to host cryptocurrency mining malware. Researchers from security vendor Sophos made the discovery when they investigated a malicious program dubbed Mal/Miner-C, which infects Windows computers and hijacks their CPUs and GPUs to generate Monero, a bitcoin-inspired cryptocurrency. With most cryptocurrencies, users can generate new units by devoting their computing resources to solving complex math problems needed to validate transactions in the network. This process, known as “mining,” provides an incentive for attackers to hijack other people’s computers and use them for their own gain. Bitcoin mining malware used to be widespread some years ago, but as the cryptocurrency’s network grew, mining became more difficult and using personal computers, which have limited computing resources, stopped being profitable. Some malware writers, like those behind Mal/Miner-C, have now turned their attention to newer cryptocurrencies, like Monero, that are easier to mine. The Sophos researchers found that Mal/Miner-C does not have an automatic infection mechanism and instead relies on users to execute the malicious program. As such, it is distributed via downloads through compromised websites, but also through open FTP servers. Attackers scan for FTP servers that are accessible from the internet and attempt to log in with default and weak credentials or with anonymous accounts. If successful, they verify that they have write access on the server and copy the malware in all of the available directories. This explains why Sophos counted more than 1.7 million Mal/Miner-C detections over the past six months from about 3,000 systems. Most of the affected systems were FTP servers that hosted multiple copies of the malware in different directories. The researchers used an internet scanning engine called Censys to identify public FTP servers that allow anonymous access with write privileges. They found 7,263 such servers and determined that 5,137 of them had been contaminated with Mal/Miner-C. Another interesting discovery was that many of those FTP servers were running on Seagate Central NAS devices. While this malware threat does not specifically target such devices, it turns out that Seagate Central’s configuration makes it easier for users to expose insecure FTP servers to the Internet. By default, the Seagate Central NAS system provides a public folder for sharing data, the Sophos researchers said in a paper published Friday. This public folder cannot be disabled and if the device administrator enables remote access to the device, it will become accessible to anyone on the Internet, they said. FTP servers that have been compromised by Mal/Miner-C contain two files, called Photo.scr and info.zip. Photo.scr is a Windows executable file, but its icon masquerades as that of a Windows folder to trick users into accidentally executing it. Related content brandpost Sponsored by Zscaler Legacy firewalls and VPNs still not up to par when stopping attacks Zero trust leaves the weaknesses of perimeter-based, network-centric, firewall-and-VPN architectures in the past. By Zscaler Apr 23, 2024 6 mins Network Security news Networking among tech roles forecast for growth in 2024 In the U.S., tech occupation employment is projected to increase by 203,125 jobs, or 3.5%, in 2024, according to CompTIA. By Denise Dubie Apr 23, 2024 3 mins Certifications IT Jobs IT Skills news European trade body lashes out at Broadcom’s VMware licensing changes CISPE said the economic viability of many cloud services utilized by customers in Europe is threatened by “the massive and unjustifiable hikes in prices, the re-bundling of products, the altered basis of billing.” By Prasanth Aby Thomas Apr 23, 2024 5 mins Technology Industry Cloud Computing news Network jobs watch: Hiring, skills and certification trends What IT leaders need to know about expanding responsibilities, new titles and hot skills for network professionals and I&O teams. By Denise Dubie Apr 22, 2024 5 mins Careers Data Center Networking PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe