Many Seagate Central network-attached storage devices are now being targeted by a cryptocurrency-mining malware called ‘Miner-C’, also known as ‘PhotoMiner’. The problem first appeared in June 2016, and reports indicate that the malware targets FTP servers by brute-forcing them with default access credentials.
Sophos pointed out that Seagate Central units are not the only targeted network devices. Contrary to the reports posted by multiple sources, this malware affects those NAS units with a specific security flaw. Seagate Central is one of the NAS units known to have this flaw. According to Sophos, the reason Miner-C specifically attacks Seagate is that these NAS units have a flaw that lets it create a copy of itself in the public folders. This data cannot be deleted, and it can be accessed by anyone, even without logging in. Miner-C copies its “Photo.Scr” script into this folder. The script appears with a default Windows folder icon. Since this public folder is accessible by anyone, it takes just one person to open it, mistakenly believing that there is something in it. A detailed report can be read here.
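A defender can check a share for this kind of lure. The following is an added example, not code from Sophos or Seagate: it walks a locally mounted share and flags files named Photo.scr as well as Windows executables sitting among user data. The mounted-share layout, the extension list and the check for the `MZ` executable magic are assumptions of the example, and the sample files are constructed.

```python
import os

# Assumption: executable extensions that have no business on a data-only share.
EXEC_EXTS = {".scr", ".exe", ".pif", ".com"}
LURE_NAME = "photo.scr"  # file name given in the article, compared case-insensitively


def is_pe(path):
    """True if the file starts with the 'MZ' magic of a Windows executable."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False  # unreadable files are skipped, not treated as hits


def scan_share(root):
    """Return sorted (relative_path, reason) findings under a mounted share."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            if name.lower() == LURE_NAME:
                reason = "name matches Photo.scr lure"
            elif ext in EXEC_EXTS and is_pe(full):
                reason = "Windows executable on data share"
            else:
                continue
            findings.append((os.path.relpath(full, root), reason))
    return sorted(findings)


def build_sample_share(root):
    """Constructed sample tree: lure copies, a harmless photo, a text file named .scr."""
    os.makedirs(os.path.join(root, "Public", "Holiday"))
    samples = {
        "Public/Photo.scr": b"MZ\x90\x00constructed",
        "Public/Holiday/PHOTO.SCR": b"MZ\x90\x00constructed",
        "Public/Holiday/beach.jpg": b"\xff\xd8\xff\xe0constructed",
        "Public/notes.scr": b"plain text, not a PE",
        "Public/setup.exe": b"MZ\x90\x00constructed",
    }
    for rel, data in samples.items():
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(data)
```

Point `scan_share` at a read-only mount of the NAS public share; any finding should be reviewed before anyone opens it from a Windows machine.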
The only way to fix this issue is by disabling one of the main purposes of a NAS: turning off access from remote locations. There is no word of any other NAS units testing positive for this flaw, nor has Seagate provided any update or fix.
According to Sophos, around 5,000 Seagate Central NAS devices are infected by Miner-C, which accounts for about 70% of the Seagate Central NAS devices connected to the internet. Network-attached storage devices let users access their data either over an internet connection or over a local-area network, provided the user has the required login credentials.
As of now, ‘Monero’ is the most profitable cryptocurrency, as mining bitcoins has become difficult over the years. Unlike Bitcoin, which requires a lot of processing power, Monero can be mined even on an ordinary PC. It is estimated that Miner-C has mined $86,400 worth of Monero.
— Hardware BBQ (@HardwareBBQ) September 16, 2016