Your Mining Rig Is In Danger! – How to Prevent this Malware from Stealing Your Cryptos
There is a new malware that infects mining PCs and steals the mined coins by secretly changing the wallet address to which coins go. If you are using the Claymore Dual Miner, here is everything you have to know about this new threat and how to protect your cryptos from it.
You have probably heard of Satori, a group of malware known for infecting a wide range of devices and grouping them into potent botnets. On 8th January, Satori added computers dedicated to mining cryptos to its list of victims.
Satori exploits some of the weaknesses of the popular Claymore miner. This allows the malware to access and change certain parameters within the miner, one of which is the wallet address. It replaces the address you’ve inserted with this one, which apparently belongs to Satori’s developer(s): 0xB15A5332eB7cD2DD7a4Ec7f96749E769A371572d
That weakness lies in Claymore allowing access through port 3333 with no password authentication enabled by default. There is at least one more weakness in the Claymore miner, though there are no reports of Satori exploiting it.
The issue has been reported and addressed in the latest Claymore update. I’ve been checking the latest release (v10.5) and have noticed the following:
“– now miner shows a warning if you enabled full remote management (-mport > 0) and did not specify -mpsw parameter.
– now miner shows a warning if you specified default ETH wallet (from default start.bat).”
The Fix
Based on what we know so far, here are the steps I strongly recommend you take right now:
- Update your miner PCs to Claymore v10.5 or newer ASAP https://bitcointalk.org/index.php?topic=1433925.0
- Specify the -mpsw parameter (-mpsw Thi$i$myP@4ssw@rD) and use a non-generic password
- Go to your options and carefully check whether the wallet address is yours
This way you protect remote access to your miner with a password, as well as make sure that the mined coins go to your wallet.
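The checks in the steps above can be run automatically against the command line in start.bat. This is an added example, not code from the article or from the Claymore project: `audit`, the finding codes and the sample values are hypothetical, `-ewal` and `-epool` are the miner's wallet and pool options, and a missing `-mport` is assumed to mean the open default on 3333 that the article describes.

```python
import shlex

# Address the article attributes to Satori's developer(s).
SATORI_WALLET = "0xB15A5332eB7cD2DD7a4Ec7f96749E769A371572d"
# Assumption: with no -mport given, older miners listen on 3333 (per the article).
DEFAULT_MPORT = 3333


def is_flag(tok):
    # "-mport" is a flag; "-3333" is a negative number, i.e. a value.
    return len(tok) > 1 and tok[0] == "-" and not tok[1].isdigit()


def parse_args(cmdline):
    """Map each '-flag' in a miner command line to the value that follows it."""
    toks = shlex.split(cmdline)
    args = {}
    for i, tok in enumerate(toks):
        if is_flag(tok):
            nxt = toks[i + 1] if i + 1 < len(toks) else ""
            args[tok] = "" if is_flag(nxt) else nxt
    return args


def audit(cmdline, my_wallet):
    """Return a list of finding codes for one miner command line."""
    args = parse_args(cmdline)
    findings = []
    try:
        mport = int(args.get("-mport", DEFAULT_MPORT))
    except ValueError:
        mport = DEFAULT_MPORT
        findings.append("BAD_MPORT")
    # -mport > 0 means full remote management; it needs -mpsw.
    if mport > 0 and not args.get("-mpsw"):
        findings.append("MGMT_NO_PASSWORD")
    # -ewal may carry a worker suffix such as ".rig1" or "/rig1".
    wallet = args.get("-ewal", "").replace("/", ".").split(".")[0].lower()
    if wallet == SATORI_WALLET.lower():
        findings.append("SATORI_WALLET")
    elif wallet != my_wallet.lower():
        findings.append("WALLET_MISMATCH")
    return findings


if __name__ == "__main__":
    mine = "0x" + "11" * 20  # constructed address, stands in for your own
    # Constructed command line, as it might appear in start.bat.
    line = f"EthDcrMiner64.exe -epool pool.example:4444 -ewal {SATORI_WALLET}.rig1 -mport 3333"
    print(audit(line, mine))
```

An empty list means the line passed all three checks; run it on every rig's start script after each update, since a changed wallet address is the only visible sign of this attack.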
In Conclusion
Some people have been using this incident to “prove” that cryptos are not safe. I totally agree with what Charlie Kilian said on the topic: “Crypto is a tool, and that’s all it has ever been. It can address some problems, but it doesn’t automatically fix every problem. Just like every other tool. It requires a set of processes around it, just like everything else.”
There will always be hackers, and we have to work together as a community to stay safe from them. Please share this article with fellow miners ASAP so we can minimize the impact on the mining community.
And always monitor your rig, hashrate, temperature and so on. If you’re using Nanopool for example, it sends you a warning if your rig is offline, which could be a hardware failure or a changed wallet address…
Does this apply to Windows and Linux rigs, or just Windows?
I think it doesn’t matter what OS you are using when the port is open with no password set, so yeah, it could be for both.
All Claymore versions are infected by malware
nope 🙂
How is it possible to connect and change the wallet address if I have a local IP 192.168.x.x? From remote port 3333 with IP ethosdistro.com? Can anyone explain this to me?
Thanks for this article, it is very helpful and gives a lot of value