Hacker hijacked storage devices, mined $620,000 in Dogecoin

To anyone who doesn’t bother with internet meta-memes, Dogecoin seems harmless. But for one enterprising hacker, it’s a small fortune, earned at the price of annoying many system administrators.

Two researchers from Dell’s security division, Secureworks, traced a collection of malware-infected storage devices to a hacker who amassed more than $620,000 in the currency. They say the stash, largely created in just two months earlier this year, could be the largest cryptocurrency hoard ever mined using the computers of unwitting victims. (Impressive.)

“To date, this incident is the most profitable and illegal mining operation,” writes Pat Litke in a blog post explaining the results. However, the two researchers concede that they can prove only that a small fraction of the coins came from the hacked storage boxes, and it is not clear what other machines, compromised or not, the hacker used to mine such significant Doge riches.

Litke and colleague David Shear spent months tracking a security vulnerability in the storage hardware of Taiwanese company Synology. In September, security researcher Andrea Fabrizi found that the operating system used by such devices contained bugs that would allow an attacker to take control of the machines remotely and install malware. In February, Synology users started complaining that their devices were running slowly, and one Facebook poster stated that they had found a folder labeled “PWNED” on their computer.

In sample files shared online by infected users, Shear and Litke found a program called CPUminer, which is used in mining cryptocurrencies like Bitcoin. “That was the entrance to the rabbit hole,” says Litke. “It became clear that a considerable amount of money was being made from these Synology boxes.”

When analyzing a configuration file in the “PWNED” folder, they found that the mined currency was not sent to a Bitcoin address, but to one linked to Dogecoin, a semi-serious alternative to Bitcoin that has become one of the most active cryptocurrencies since its launch in December. By checking the Dogecoin blockchain (the public ledger of all Dogecoin transactions), they were able to see all of the coins that were mined to that address and to another address associated with the same hacker.

In total, the two addresses produced more than 500 million Dogecoins. Although this is less than $200,000 at today’s exchange rate with the dollar, Litke and Shear found that the person controlling these coins pulled them out of the wallet as quickly as they were mined. Assuming that the coins were redeemed at the higher exchange rates of the time, Dell calculated that the total would have reached $620,496.

According to company spokesman Thadd Weil, Synology released a patch for the vulnerabilities as soon as it found out about the bugs on February 14th. “We take people’s data very seriously and want people to know that their data is safe as long as they take precautions and keep their software up to date,” he said in an interview.

Litke and Shear say that many Dogecoins couldn’t have been mined with the hijacked storage devices alone; each one has about the cryptocurrency-mining power of a smartphone, they say. Even thousands of such machines would not provide the computational muscle necessary to mine millions of Dogecoins. The use of hijacked storage machines and others may explain why the hacker mined Dogecoin instead of Bitcoin. Bitcoin’s highly competitive mining community makes it nearly impossible to mine coins using a regular CPU instead of a GPU or a specially designed ASIC chip.

Given the inadequate processing power of the Synology boxes, it is not clear how the hacker managed to mine the rest of his Dogecoin wealth. But Shear and Litke found the username “Foilo” in the malware on Synology machines, which they traced back to accounts on GitHub and Bitbucket. From those accounts, they learned that the hacker speaks German and appears to be focused on security exploits, an indication that the rest of the Dogecoins may have been mined by other hacked machines. “It’s pretty obvious he’s working with black hat code,” says Shear.

The Synology boxes are far from the first computers to be hijacked to generate cryptocurrency on behalf of a hacker. Bitcoin mining malware for PCs has been around for years and has recently branched out into machines as unlikely as phones and DVRs for security cameras.

As Bitcoin mining becomes too difficult for the processors of these internet-connected objects, you should expect more illegal mining to switch to Bitcoin alternatives like Dogecoin. Who would have thought a cute Shiba Inu could be so threatening?