Hi there
So I just found out that I have a process called "xmr-stak" which uses around 50% of my CPU at all times. I have uninstalled all programs that I installed and it's still there.
I have searched the net for XMR stak, and got some suggestions that it might be a miner.
Is this an infection of my NAS?
Edit:
So I just found out that I have had a login from an outside IP which is not me.
It shows up as NVRADMIN.
After a search on the internet I can see that there might be someone who is lurking around.
https://www.purehacking.com/blog/matthe ... ploitation
So I went on blocking the IP and after a restart the process hasn't started by itself.
I just think that this is until the culprit tries to log on again.
What should I do?
XMR Stak takes up 50% of cpu at all time?
-
- Posts: 1
- Joined: Wed May 09, 2018 8:32 pm
-
- Posts: 52
- Joined: Sun Sep 24, 2017 11:30 pm
Re: XMR Stak takes up 50% of cpu at all time?
Hello,
Xmr-stak looks like a miner to me too.
Here comes what I was afraid of since I bought my NAS and peeked around on its system. Security of Asustor ADM is really poor and security issues are fixed very slowly. Download Center still uses old vulnerable Transmission bittorrent client, running as root. Java JRE version is 3 years old. ADM Defender firewall GUI does not support IPv6, exposing everything you have on your NAS if your network is running IPv6 and your NAS is not protected by another firewall. The list goes on...
First, there was a discussion on this forum regarding the hidden nvradmin user account. Disable it.
viewtopic.php?f=71&t=9593
viewtopic.php?f=105&t=9594&p=30860
I am not sure if this account was actually used to launch malware on your NAS, nevertheless it is not needed.
Second,
Asustor is a nice home NAS storage, but in my opinion this device is not ready to be exposed to the Internet at all. Please, really please disable at least access to ADM (ports 8000 and 8001) from the Internet.
Third,
Watch if xmr-stak process reappears. Maybe its installation was not persistent, but maybe it is scheduled to start with delay to stay under the radar.
Fourth,
Update ADM to the latest version, if you still haven't. They fixed some vulnerabilities according to the link you posted.
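
One way to carry out the "watch if the xmr-stak process reappears" step from the reply above, written as an added example that is not part of any forum post. The `--scan` argument, the `TARGET` variable and the cron paths are assumptions; ADM may keep scheduled jobs elsewhere.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes a Linux-style /proc.

# match_pids PROC_ROOT NAME: print PIDs whose comm or cmdline contains NAME.
match_pids() {
    proc_root=$1; name=$2
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        comm=$(cat "$dir/comm" 2>/dev/null || true)
        # cmdline is NUL-separated; comm alone can be a misleading name,
        # so both are checked.
        cmd=$( { tr '\0' ' ' < "$dir/cmdline"; } 2>/dev/null || true )
        case "$comm $cmd" in
            *"$name"*) echo "${dir##*/}" ;;
        esac
    done
}

# sched_refs NAME FILE...: print "file:line:text" for non-comment lines
# mentioning NAME, i.e. entries that could restart it after a delay.
sched_refs() {
    name=$1; shift
    for f in "$@"; do
        [ -f "$f" ] || continue
        grep -n -F -- "$name" "$f" 2>/dev/null |
            grep -v '^[0-9]*:[[:space:]]*#' |
            while IFS= read -r line; do printf '%s:%s\n' "$f" "$line"; done
    done
}

# Live check only on request: TARGET=xmr-stak sh check.sh --scan
# The name comes from the environment so that this script's own command
# line does not match it. Cron paths below are assumptions.
if [ "${1:-}" = "--scan" ]; then
    target=${TARGET:-xmr-stak}
    pids=$(match_pids /proc "$target")
    refs=$(sched_refs "$target" /etc/crontab /var/spool/cron/crontabs/*)
    [ -z "$pids" ] || echo "running PIDs: $pids"
    [ -z "$refs" ] || echo "scheduled: $refs"
    [ -z "$pids$refs" ] || exit 2
fi
```

Exit status 2 from a `--scan` run means a matching process or schedule entry was found; a binary that has been renamed will not match by name.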
-
- Posts: 16
- Joined: Fri Dec 12, 2014 9:22 pm
Re: XMR Stak takes up 50% of cpu at all time?
Hey there! Just encountered this myself but xmr-stak at 100%
- orion
- Posts: 3485
- Joined: Wed May 29, 2013 11:09 am
Re: XMR Stak takes up 50% of cpu at all time?
yogibogs wrote: Hey there! Just encountered this myself but xmr-stak at 100%
It seems this is not a single case. Someone fixed it here: viewtopic.php?f=29&t=9663&p=31179
I think you should report it to Asustor too.