Hackers Hijack Ethereum OS Miners Using Default SSH Credentials

Bogdan Botezatu, a security researcher at Bitdefender, reports that the company's SSH (Secure Shell) honeypots detected a bot trying to modify the system configuration to hijack funds from Ethereum mining equipment.

If you are in the business, you probably know EthOS, an operating system optimized for Ethereum mining. EthOS can mine Ethereum, Zcash, Monero and other cryptocurrencies that use GPU power. According to its developers, EthOS runs on more than 38,000 mining rigs around the world.

Honeypot logs showed the bot scanning the entire IPv4 range for open SSH connections. When it finds one, it tries to log in with the default EthOS username and password pairs: ethos:live and root:live.

According to Bitdefender:
If the login succeeds, it tries to change the existing configuration for Ethereum to hijack the mining process to the attacker’s Ethereum address. The wallet in this case (0xb4ada014279d9049707e9A51F022313290Ca1276) shows 10 transactions over the past days worth a total of $611 in Ether.

If you run a cryptocurrency miner based on EthOS, make sure you have changed the default login credentials.
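
A detection sketch for the activity described above, added here as an example and not taken from Bitdefender or EthOS: it scans OpenSSH log lines for password logins to the ethos and root accounts and lists the source IPs that got in. The log lines are constructed samples, and the function names and the trusted_ips parameter are assumptions of this example.

```python
import re
from collections import defaultdict

# Accounts that ship with the default password on EthOS, per the article.
DEFAULT_ACCOUNTS = {"ethos", "root"}

# Standard OpenSSH sshd messages for password authentication.
SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample log lines (documentation IP ranges), not real data.
SAMPLE_LOG = """\
Nov  2 03:14:07 rig01 sshd[2211]: Failed password for root from 203.0.113.50 port 40122 ssh2
Nov  2 03:14:09 rig01 sshd[2213]: Accepted password for ethos from 203.0.113.50 port 40130 ssh2
Nov  2 08:30:41 rig01 sshd[2950]: Accepted publickey for ethos from 192.0.2.10 port 51514 ssh2
Nov  2 09:02:13 rig01 sshd[3011]: Failed password for invalid user admin from 198.51.100.7 port 33870 ssh2
Nov  2 09:05:55 rig01 sshd[3020]: Failed password for ethos from 198.51.100.23 port 45100 ssh2
"""

def audit(log_text, trusted_ips=frozenset()):
    """Return {ip: {"accepted": [users], "failed": [users]}} for password
    logins to the default accounts from sources not in trusted_ips."""
    findings = defaultdict(lambda: {"accepted": [], "failed": []})
    for line in log_text.splitlines():
        m = SSHD_RE.search(line)
        if not m or m["user"] not in DEFAULT_ACCOUNTS or m["ip"] in trusted_ips:
            continue
        findings[m["ip"]][m["result"].lower()].append(m["user"])
    return dict(findings)

def compromised_sources(findings):
    """IPs with at least one successful password login: treat the rig's
    mining configuration and credentials as suspect."""
    return sorted(ip for ip, f in findings.items() if f["accepted"])

if __name__ == "__main__":
    results = audit(SAMPLE_LOG)
    for ip, f in results.items():
        print(ip, f)
    print("review wallet config after logins from:", compromised_sources(results))
```

Key-based logins are ignored on purpose, since the bot described here relies on the default password.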
