The SecureWorks report revealed that the hacker targeted network attached storage (NAS) boxes made by Taiwan-based Synology Inc. and used their computing power to mine dogecoin through a private pool. The action caused problems for Synology’s customers, some of whom took to Facebook in February to report poor performance.
SecureWorks called the months-long intrusion unprecedented, saying:
Following reports of an issue, the investigators ultimately discovered a folder entitled ‘PWNED’ that contained the mining software CPUMiner and the capacity to conceal the program.
The address the mined dogecoins were being sent to was also identified, revealing the accumulation of more than 400 million dogecoins. Along with another wallet, the hacker generated roughly 500 million dogecoins between January and April.
In addition to exploring the technical aspects of the attack, SecureWorks delved into the possible identity of the assailant, suggesting that "the findings strongly indicate that the threat actor is of German descent".
Hacker used private pool
The configuration file of the software that was infecting Synology’s NAS boxes pointed to the presence of hidden mining software. CPUMiner, the program used, had been modified to run on the boxes and was connecting to a dogecoin pool not associated with any public mining group, SecureWorks said. Each NAS box acted as an individual miner, connecting to the pool and generating dogecoins.
SecureWorks accessed the data being sent to the NAS boxes, which allowed them to ascertain the dogecoin wallet address holding the fraudulently mined dogecoins, as well as the possible identity of the hacker.
Dubbed "foilo.root3" in the configuration file, the user appears to have a connection with accounts on GitHub and BitBucket, although it remains unclear whether the name is unique to a single person.
Mining malware gains
The dogecoin mining attack represents one of the more creative approaches to generating digital currency through fraudulent means. Other recent attempts have found wrongdoers using unique means to upload software to mine bitcoin, but in nearly all cases, the program was designed to conceal itself and its operations.
Last month, unknown hackers attempted to distribute bitcoin mining malware through a modified torrent file of the video game Watch Dogs. This attack was notable as it targeted another form of online piracy.
A more unusual concealed attempt to create mining botnets out of mobile phones was uncovered in April. At the time, a group of wallpaper apps listed on the Google Play app store were discovered to contain bitcoin mining programs and were subsequently removed.