Bogdan Botezatu, a security researcher at Bitdefender, has found that the company's SSH (Secure Shell) honeypots detected a bot trying to modify the system configuration to hijack funds from Ethereum mining equipment.
If you are in the business, I assume that you know of an operating system called EthOS that is optimized for Ethereum mining. EthOS can mine Ethereum, Zcash, Monero and other cryptocurrencies that use GPU power. According to its developers, EthOS runs on more than 38,000 mining rigs around the world.
Honeypot logs showed massive scans of the entire IPv4 range looking for open SSH connections. When the bot finds one, it tries to log in using the default EthOS usernames and passwords: ethos:live and root:live.
According to Bitdefender:
If the login succeeds, it tries to change the existing configuration for Ethereum to hijack the mining process to the attacker’s Ethereum address. The wallet in this case (0xb4ada014279d9049707e9A51F022313290Ca1276) shows 10 transactions over the past days worth a total of $611 in Ether.
If you are running a cryptocurrency miner based on EthOS, make sure you have changed the default login credentials.
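The following added example (not from Bitdefender or EthOS) shows how a rig owner could check for the behaviour described above: password logins to the default `ethos` and `root` accounts in an OpenSSH auth log, and any Ethereum address in a configuration file that is not the owner's own. The log lines, wallet values and the `wallet` config line are constructed for illustration, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Accounts that ship with the password "live" on EthOS, per the article.
DEFAULT_ACCOUNTS = {"ethos", "root"}
# OpenSSH sshd auth-log messages for password authentication.
SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
# Any Ethereum-style address: 0x followed by 40 hex digits.
ETH_ADDR_RE = re.compile(r"\b0x[0-9a-fA-F]{40}\b")


def audit_auth_log(lines):
    """Return {ip: {"failed": n, "accepted": [users]}} for default accounts."""
    report = defaultdict(lambda: {"failed": 0, "accepted": []})
    for line in lines:
        m = SSHD_RE.search(line)
        if not m or m["user"] not in DEFAULT_ACCOUNTS:
            continue  # key-based logins and other accounts are out of scope
        if m["result"] == "Accepted":
            report[m["ip"]]["accepted"].append(m["user"])
        else:
            report[m["ip"]]["failed"] += 1
    return dict(report)


def unexpected_wallets(config_text, owner_wallet):
    """Return addresses found in the config that are not the owner's wallet."""
    found = {a.lower() for a in ETH_ADDR_RE.findall(config_text)}
    return sorted(found - {owner_wallet.lower()})


# Constructed sample data (documentation IP ranges, made-up wallets).
SAMPLE_LOG = [
    "Nov  2 03:11:07 rig1 sshd[2211]: Failed password for root from 198.51.100.23 port 40112 ssh2",
    "Nov  2 03:11:09 rig1 sshd[2213]: Accepted password for ethos from 198.51.100.23 port 40118 ssh2",
    "Nov  2 08:40:51 rig1 sshd[3050]: Accepted publickey for ethos from 192.0.2.10 port 51514 ssh2",
    "Nov  2 09:02:13 rig1 sshd[3102]: Failed password for invalid user admin from 203.0.113.77 port 33880 ssh2",
]
OWNER_WALLET = "0x" + "1a" * 20
SAMPLE_CONFIG = "wallet 0x" + "2B" * 20 + "\n"  # hypothetical config line

if __name__ == "__main__":
    for ip, hits in audit_auth_log(SAMPLE_LOG).items():
        print(ip, hits)
    print("unexpected wallets:", unexpected_wallets(SAMPLE_CONFIG, OWNER_WALLET))
```

An accepted password login for `ethos` or `root` from an address you do not recognise, or any wallet other than your own in the configuration, means the rig should be treated as compromised and its credentials changed.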