



“Ultimately, it was discovered that the cause of the excessive resource consumption was due to illegitimate software that had infected the systems, which ironically, was stored in a folder labeled ‘PWNED,’”

The bugs were first reported in September 2013 by researcher Andrea Fabrizi. They ranged from a remote file download issue, where authenticated users were allowed to download any file, including password files owned by other DSM users, to a command-injection vulnerability and two issues that led to partial remote content downloads.









Researchers found the 'Pwned' folder on the compromised system, and it didn't take them long to figure out that the hackers were mining cryptocurrency. The attacker had dropped CPUMiner malware that had been tweaked for Synology NAS hardware. The malware opened a backdoor and connected over port 8332 to a remote server.





The digital wallet address was unknown on public mining pools. After that, the researchers found evidence of the cryptocurrency blockchain in a code string, as well as the botmaster’s public key, which matched a particular Dogecoin wallet.





After a deeper investigation of the address, they found approximately 500 million mined Dogecoins. This came to a total of $620,496 USD, earned in just two months.









An unknown hacker took advantage of vulnerabilities in Synology network-attached storage (NAS) boxes to mine the digital currency Dogecoin, worth $600,000. Researchers at Dell SecureWorks have published the details of the attack. They discussed four vulnerabilities in the Synology boxes’ DiskStation Manager Linux-based operating system. The bugs were reported last September and patched in February. The researchers point out that, according to the SANS Internet Storm Center, scans for port 5000, the same port on which Synology NAS boxes listen, rose to unprecedented levels between Feb. 1 and May 9.
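A defender-side check built from the two network indicators the article mentions (outbound connections on port 8332 and sweeps of port 5000), as an added example that is not from the article or from Dell SecureWorks. The flow-log format, the internal network range, the addresses and the scan threshold are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

MINER_PORT = 8332   # port the article says the malware connected out on
DSM_PORT = 5000     # port the article says Synology NAS boxes listen on
SCAN_THRESHOLD = 3  # assumed: distinct internal targets before a source counts as a sweep
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed local network

# Constructed sample flow records: "timestamp src_ip src_port dst_ip dst_port"
SAMPLE_LOG = """\
2014-05-01T10:00:01 203.0.113.7 40112 192.168.1.10 5000
2014-05-01T10:00:02 203.0.113.7 40113 192.168.1.11 5000
2014-05-01T10:00:03 203.0.113.7 40114 192.168.1.12 5000
2014-05-01T10:05:00 198.51.100.4 51000 192.168.1.10 5000
2014-05-01T11:00:00 192.168.1.10 49152 198.51.100.99 8332
2014-05-01T11:00:05 192.168.1.20 49153 198.51.100.50 443
malformed line
"""

def is_internal(ip):
    """True if the address belongs to the assumed local network."""
    return ipaddress.ip_address(ip) in INTERNAL_NET

def analyse(log_text):
    """Return (internal hosts connecting out on 8332, external sources sweeping 5000)."""
    miner_hosts = defaultdict(set)   # internal host -> remote endpoints on port 8332
    scan_targets = defaultdict(set)  # external source -> internal hosts probed on port 5000
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue                 # record does not match the assumed format
        _, src, _, dst, dport = parts
        try:
            dport = int(dport)
            src_int, dst_int = is_internal(src), is_internal(dst)
        except ValueError:
            continue                 # unparsable port or address
        if src_int and not dst_int and dport == MINER_PORT:
            miner_hosts[src].add(dst)
        elif not src_int and dst_int and dport == DSM_PORT:
            scan_targets[src].add(dst)
    scanners = {s: sorted(t) for s, t in scan_targets.items()
                if len(t) >= SCAN_THRESHOLD}
    return {h: sorted(r) for h, r in miner_hosts.items()}, scanners

if __name__ == "__main__":
    miners, scanners = analyse(SAMPLE_LOG)
    print("Hosts connecting out on port 8332:", miners)
    print("External sources sweeping port 5000:", scanners)
```

A hit on either list is a lead for investigation rather than proof of compromise; a single external connection to port 5000 stays below the threshold and is not reported.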