Users of Synology’s products might enjoy having their own personal clouds at home or in the office, but if they’re not careful, they might be unknowingly making some hacker or hackers thousands of dollars. This is the scenario painted by security company Dell SecureWorks when it revealed how a number of Synology’s drives have been compromised in order to produce Dogecoins.
That the hackers got away with cryptocurrency might not exactly sound like a big deal, that is, until you hear just how much. According to SecureWorks, the hackers were able to mine 500 million Dogecoins. At today’s exchange rate, that amounts to about $620,000. That is not exactly an insignificant amount, and it was all accomplished simply by making these compromised computers run calculations.
If that sounds puzzling, it is because of how dogecoins, bitcoins, or any cryptocurrency for that matter, are produced. Since there is no central regulating body, dogecoins are created through the act of “mining”. Miners use computers to process dogecoin transactions. In exchange, they are given new coins for their labor. Or at least that’s the theory. Hackers have found a way to use the distributed power of compromised computers to do the mining for them, instead of buying and using their own hardware like most dedicated miners do.
The hackers, whom SecureWorks was able to trace to a dogecoin miner in Germany, exploited vulnerabilities in Synology’s software to install the CPUMiner program on the Linux-based DiskStation Manager operating system. Once in place, the program set to work for the attackers, taking up most of the NAS drive’s CPU and memory. Owners who have been affected by this malware reported that their devices were running considerably slower and hotter than normal.
The good news is that Synology has been well aware of the vulnerability since last year and issued an update in February that addresses this particular issue. But because users do not always keep their systems up to date, especially those connected to the Internet, they might still be running the hacker’s program or, at the very least, be vulnerable to a similar attack.
VIA: Ars Technica