There is a new malware that infects mining PCs and steals the mined coins by secretly changing the wallet address to which coins go. If you are using the Claymore Dual Miner, here is everything you have to know about this new threat and how to protect your cryptos from it.
You have probably heard of Satori, a group of malware known for infecting a wide range of devices and grouping them into potent botnets. On the 8th of January, Satori added computers dedicated to mining cryptos to its list of victims.
Satori exploits some of the weaknesses of the popular Claymore miner. This allows the malware to access and change certain parameters within the miner, one of which is the wallet address. It replaces the address you've entered with this one, which apparently belongs to Satori's developer(s): 0xB15A5332eB7cD2DD7a4Ec7f96749E769A371572d
That weakness lies in Claymore allowing access through port 3333 with no password authentication enabled by default. There is at least one more weakness in the Claymore miner, though there are no reports of Satori exploiting it.
The issue has been reported and addressed in the latest Claymore update. I’ve been checking the latest release (v10.5) and have noticed the following:
“– now miner shows a warning if you enabled full remote management (-mport > 0) and did not specify -mpsw parameter.
– now miner shows a warning if you specified default ETH wallet (from default start.bat).”
Based on what we know so far, here are the steps I strongly recommend you take right now:
- Update your miner PCs to Claymore v10.5 or newer ASAP https://bitcointalk.org/index.php?topic=1433925.0
- Specify the -mpsw parameter (-mpsw Thi$i$myP@4ssw@rD) and use a non-generic password
- Go to your options and carefully check whether the wallet address is yours
This way you protect remote access to your miner with a password, as well as make sure that the mined coins go to your wallet.
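As an added example (not code from this article or from the miner's author), the Python script below audits a miner launch line, such as the one in start.bat, for the last two steps above and for the Satori wallet address quoted earlier. It assumes the wallet is passed with the miner's -ewal option, which the article does not name; the sample launch lines, pool name and MY_WALLET are constructed.

```python
# Added example: audit a Claymore launch line for the settings discussed above.
SATORI_WALLET = "0xB15A5332eB7cD2DD7a4Ec7f96749E769A371572d"  # quoted in the article
MY_WALLET = "0x" + "1" * 40  # constructed placeholder for your own address

# Constructed sample launch lines (pool name and wallet are placeholders).
SAMPLE_BAD = ("EthDcrMiner64.exe -epool pool.example:4444 "
              "-ewal " + SATORI_WALLET + " -epsw x -mport 3333")
SAMPLE_GOOD = ("EthDcrMiner64.exe -epool pool.example:4444 "
               "-ewal " + MY_WALLET + "/rig1 -epsw x -mport 3333 -mpsw CHANGE_ME")


def is_flag(tok):
    # "-mport" is a flag; "-3333" is a negative number, not a flag.
    return len(tok) > 1 and tok[0] == "-" and tok[1].isalpha()


def parse_args(cmdline):
    """Map each -flag in the launch line to the token that follows it."""
    tokens = cmdline.split()
    args = {}
    for i, tok in enumerate(tokens):
        if is_flag(tok):
            nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
            args[tok.lower()] = "" if is_flag(nxt) else nxt
    return args


def audit(cmdline, my_wallet):
    """Return a list of finding codes; an empty list means nothing was flagged."""
    args = parse_args(cmdline)
    findings = []
    mport = args.get("-mport")
    if mport is None:
        findings.append("mport-unset")      # relying on the miner's default
    else:
        try:
            # -mport > 0 is what the v10.5 release note calls full remote management
            if int(mport) > 0 and not args.get("-mpsw"):
                findings.append("no-password")
        except ValueError:
            findings.append("mport-invalid")
    # Assumption: wallet may carry a worker suffix as "address/worker" or "address.worker".
    wallet = args.get("-ewal", "").replace("/", ".").split(".")[0].lower()
    if wallet == SATORI_WALLET.lower():
        findings.append("satori-wallet")
    elif wallet != my_wallet.lower():
        findings.append("wallet-mismatch")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_BAD, MY_WALLET), audit(SAMPLE_GOOD, MY_WALLET))
```

Run it against the launch line on each rig with your own address in place of MY_WALLET; any non-empty result deserves a manual check of that machine.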
Some people have been using this incident to “prove” that cryptos are not safe. I totally agree with what Charlie Kilian said on the topic: “Crypto is a tool, and that’s all it has ever been. It can address some problems, but it doesn’t automatically fix every problem. Just like every other tool. It requires a set of processes around it, just like everything else.”
There will always be hackers, and we have to work together as a community to stay safe from them. Please share this article with fellow miners ASAP so we can minimize the impact on the mining community.
Thank you for reading. As always, your comments, suggestions and questions are welcome.