Hijacked NAS systems yield half a million euros in dogecoins

The hackers who abused Synology storage systems to mine dogecoins earlier this year managed to generate an amount of virtual coins worth almost half a million euros in two months. The criminals surreptitiously ran CPUminer on the NAS systems.

In early February, Synology users complained about slow performance of their NAS systems, and after investigation, it became clear that processes labeled PWNEDm were taking up computing power. The processes could be traced back to a bitcoin miner. Dell Secureworks has been investigating the case for the past few months and concluded that the malware CPUminer was used by the criminals.

The miner connected to a private mining pool server and from the connection and information stored in the PWND folder on the systems, it was determined that the botmaster’s public key belonged to a dogecoin wallet rather than a bitcoin wallet. as was initially thought. Research into the blockchain of that address and that of another address used, yielded the estimate that 500 million dogecoins had been mined in January and February, with a converted value of 458,170 euros.

According to Dell, the man behind the mining operation is no stranger to malware and is likely of German origin. It would be the second most lucrative illegal mining operation to date, Dell concludes.

In September last year, Synology’s DSM software was found to contain four serious vulnerabilities that hackers could exploit to completely take over NAS systems. A simple search for “site:synology.me” was enough to find vulnerable systems. Synology has since closed the leaks.