updated 11:30 am EDT, Thu June 19, 2014
Security researchers find September vulnerability attack to Germany
According to Dell's security researchers, a single piece of software, surrepitiously installed on some Synology network attached storage devices, has mined $620,000 of virtual currency Dogecoin. A combination of a vulnerability discovered in September and users not updating the system software of the appliances enabled the hack to occur, which installed the mining package, forcing the devices to run hot and transfer data slowly due to the load from the miner.
Dell's SecureWorks Counter Threat Unit researcher Pat Litke wrote that "to date, this incident is the single most profitable, illegitimate mining operation. As cryptocurrencies continue to gain momentum, their popularity as a target for various malware will continue to rise."
The flaw, discovered in September, was quickly patched by Synology under the DiskStation Manager OS versions 4.2 and 4.3. The update wasn't forced, and required users to click to install, a step many users did not do, allowing the perpetrator to attack the NAS units.
The CPUMiner package, and the corresponding wallet key that was installed, was traced back to Germany. Examination of the cryptocurrency's transaction chain led to the discovery of the perpetrator being from there, with more than 500 million Dogecoin being harvested from the appropriated appliances.
Synology's February patch prevents the attack, but does not eradicate the malware. Users have devised a solution, which can be found on the Synology support forums.