Synology NAS boxes being hijacked to mine bitcoin (dogecoin)

[WoodiE]

I know we have a number of users here that use Synology NAS boxes in their home labs so I felt it was appropriate to share this.

Hacker Hijacks Synology NAS Boxes for Dogecoin Mining Operation, Reaping Half Million Dollars in Two Months - http://t.co/61sctK8ErM

Here is a post on the Synology forums on how to clean your Synology NAS if it's infected with the malware - http://forum.synology.com/enu/viewtopic.php?f=19&t=80857&p=303732#p303732

Moral of the story... keep your boxes updated!

 

[Thuleman]

Didn't read the story, but how does a NAS box end up on the open Internet?

 

[peanuthead]

Didn't read the story, but how does a NAS box end up on the open Internet?

That was my first thought. I then remembered and read that Synology now allows you to remotely access your Synology from anywhere using their website. Functions like ddns. If you set the dsm to auto update it shouldn't be an issue along with keeping your stuff behind a good firewall. Just like when people but their esxi hosts directly on the Internet.

 

[zerodamage]

More than half a million US Dollars in just a month. Only worth it if you got away with it.