Hacked Synology NAS systems used in high-profit cryptocurrency mining operation

A hacker earned over $600,000 by infecting network-attached storage devices with Dogecoin mining malware, Dell SecureWorks researchers said

A hacker exploited publicly known vulnerabilities to install malware on network-attached storage systems manufactured by Synology and used their computing power to generate Dogecoins, a type of cryptocurrency.

The operation took place during the first months of the year and is likely the most profitable of its kind to date, earning the attacker over US$600,000 according to a recent analysis by researchers from Dell SecureWorks.

Using CPUs and GPUs to solve cryptographic problems as part of cryptocurrency systems is an activity referred to as mining. Those who perform it -- typically using their own systems -- are automatically rewarded by the system with units or subunits of that respective currency.

At the beginning of February reports started appearing online from users complaining about sluggish performance and high CPU usage on their Synology NAS systems, which have a Linux-based operating system called DiskStation Manager (DSM) developed by the Taiwan-based manufacturer.

The problems were tracked to an unauthorized application running on affected systems from a directory called PWNED that turned out to be a custom version of a cryptocurrency mining program called CPUMiner specifically compiled for Synology's DSM OS, the Dell SecureWorks researchers said Friday in a blog post.

An analysis of the rogue program showed that it had been configured to mine Dogecoin, a peer-to-peer cryptocurrency similar to Bitcoin that was launched in December 2013.

The Dell SecureWorks researchers identified two electronic wallet addresses associated with the rogue mining activity and determined that their owner had mined over 500 million Dogecoins, worth about $620,000, mostly during January and February.

"To date, this incident is the single most profitable, illegitimate mining operation," the researchers said. "This conclusion is based in part on prior investigations and research done by the Counter Threat Unit, as well as further searching of the Internet."

Evidence found on various websites suggests the hacker responsible for the attack uses the online alias "Foilo," is of German descent and has used malware and exploits before. The SecureWorks researchers believe the affected Synology NAS systems were compromised by exploiting vulnerabilities publicly disclosed in September 2013 by security researcher Andrea Fabrizi.

Synology released DSM updates to block the PWNED attacks in February.

The incident is the latest on a growing list of mass attacks against embedded devices reported this year. According to security experts, attackers are shifting their focus from desktop applications to such devices because they're plagued by basic vulnerabilities and can't be easily secured by nontechnical users.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securitymalwareintrusionsynologypatchesExploits / vulnerabilitiesDell SecureWorks

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?