Thousands of infected FTP servers net attackers $88k in cryptocurrency
Attackers are draining the CPU and power resources of thousands file transfer protocol servers by infecting them with malware that surreptitiously mints the relatively new crypto currency called Monero, researchers said.
A notable percentage of the 3,000 or so infected servers are powered by Seagate Central, a network-attached storage device that allows users to remotely retrieve files using FTP connections, according to a report published Friday by researchers from antivirus provider Sophos. The Seagate device contains a weakness that allows attackers to upload malicious files to any device that has been configured to allow remote file access, the report said. Once users inadvertently click on the malicious files, their systems are infected with Mal/Miner-C, the malware that mines the Monero coins.
Sophos Senior Threat Researcher Attila Marosi estimated that Mal/Miner-C has already mined Monero coins valued at 76,599 Euros (about $88,347) and has the ability to earn about $481 each day. While new crypto coins sold on the open market don’t always fetch their entire estimated value, the earnings are nonetheless significant, since virtually all the hardware and electricity costs are borne by the people hosting the infected servers. The researcher went on to calculate that the infected servers comprised about half of the monorepool.com pool. The estimate was based on the infected servers having the capacity to generate 431,000 hashes per second when mining Monero coins, while the overall pool as measured by monoepool.com was 861,000 hashes per second. That translated to about 2.5 of the entire mining community.