Monday, 12 September 2016

"Seagate Central" NAS devices become malware distributors


Sophos researchers say they've uncovered a malware strain that targets Seagate's network-attached storage appliances and turns them into distribution points for cryptocurrency-mining malware.

Attila Marosi, a senior threat researcher, explains the attack in a document titled Cryptomining malware on NAS servers (PDF).

"Attack" is being kind: Marosi notes that the NAS at the heart of the problem - the "Seagate Central" - has a public folder that can be written to by default when remote access is enabled. All you need to do to access that folder is FTP in with publicly-published credentials.