Bitcoin
$63,784.59+1.26%
Ethereum
$3,041.97-0.46%
Binance Coin
$554.12+1.18%
Solana
$140.97+1.73%
XRP
$0.50253809+1.01%
Dogecoin
$0.15514832+3.73%
Toncoin
$5.96-8.31%
Cardano
$0.46889749+3.18%
Shiba Inu
$0.00002287+1.88%
Avalanche
$34.48-0.14%
Wrapped Bitcoin
$63,856.95+1.23%
Tron
$0.11007472+0.68%
PlayIconNav
Crypto Prices CoinDesk 20 Index CoinDesk 20 Index
Consensus 2024Price Increase Extension Ends In
00
DAYS
19
HR
06
MIN
35
SEC
Markets

Hackers Plant Crypto Miners by Exploiting Flaw in Popular Server Framework Salt

Hackers have exploited a critical flaw in infrastructure management tool Salt and, in one case planted crypto mining software.

By Paddy Baker
AccessTimeIconMay 4, 2020 at 2:10 p.m. UTC
Updated Sep 14, 2021 at 8:36 a.m. UTC
(Credit: Shutterstock)
(Credit: Shutterstock)
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

A hacking group has installed crypto mining malware into a company server through a weakness in Salt, a popular infrastructure tool used by the likes of IBM, LinkedIn and eBay.

Blogging platform Ghost said Sunday an attacker had successfully infiltrated its Salt-based server infrastructure and deployed a crypto-mining virus.

"Our investigation indicates that a critical vulnerability in our server management infrastructure ... was used in an attempt to mine cryptocurrency on our servers," reads an incident report. "The mining attempt spiked CPUs and quickly overloaded most of our systems, which alerted us to the issue immediately."

Ghost said Monday developers had removed the mining malware from its servers and added whole new firewall configurations.

See also: dForce Hacker Returns Almost All of Stolen $25M in Crypto

Salt is an open-source framework, developed by SaltStack, that manages and automates key parts of company servers. Clients, including IBM Cloud, LinkedIn, and eBay, use Salt to configure servers, relay messages from the "master server" and issue commands to a specific time schedule.

SaltStack alerted clients a few weeks ago there was a "critical vulnerability" in the latest version of Salt that allowed a "remote user to access some methods without authentication" and gave "arbitrary directory access to authenticated users."

SaltStack also released a software update fixing the flaw on April 23.

Android mobile operating system LineageOS said hackers had also accessed its core infrastructure via the same flaw, but the breach was quickly detected. In a report Sunday the company admitted it hadn't updated the Salt software.

It remains unknown whether the same group is behind the LineageOS and Ghost attacks. Some attacks have planted crypto mining software, while others have instead planted backdoors into servers.

See also: Monero Hacker Group ‘Outlaw’ Is Back and Targeting American Business: Report

It isn't clear if hackers mined a particular cryptocurrency. Hacking groups have generally favored monero (XMR), as it can be mined with just general purpose CPUs, not dedicated mining chips, and can be traded with little risk of detection.

CoinDesk has approached SaltStack for comment, but hadn't heard back by press time.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.