XMR Stak takes up 50% of cpu at all time?

Post Reply
mesterbob
Posts: 1
youtube meble na wymiar Warszawa
Joined: Wed May 09, 2018 8:32 pm

XMR Stak takes up 50% of cpu at all time?

Post by mesterbob »

Hi there

So i just found out that i have a proces called "xmr-stak" which uses around 50% of my cpu at all times. I have uninstalled all programs that i installed and its still there..

Have searched the net for XMR stak, and got some suggestions that it might be a miner..
Image

Is this an infection of my NAS?

Edit:
So just found out that i have had a login from an outside IP which is not me.
Image

It shows up as NVRADMIN.

after a search on the internet i can see that there might be someone who is lurking around.
https://www.purehacking.com/blog/matthe ... ploitation

So i went on blocking the ip and after restart the proces hasnt started by itself.

I just think that this is until the culprit tries to logon again,
What should i do?
Top
vitosx
Posts: 52
Joined: Sun Sep 24, 2017 11:30 pm

Re: XMR Stak takes up 50% of cpu at all time?

Post by vitosx »

Hello,

Xmr-stak looks as a miner for me too.

Here comes what I was afraid of since I bought my NAS and peeked around on its system. Security of Asustor ADM is really poor and security issues are fixed very slowly. Download Center still uses old vulnerable Transmission bittorrent client, running as root. Java JRE version is 3 years old. ADM Defender firewall GUI does not support IPv6, exposing everything you have on your NAS if your network is running IPv6 and your NAS is not protected by another firewall. The list goes on...

First, there was a discussion on these forum regarding hidden nvradmin user account. Disable it.
viewtopic.php?f=71&t=9593
viewtopic.php?f=105&t=9594&p=30860
I am not sure if this account was actually used to launch malware on your NAS, nevertheless it is not needed.

Second,
Asustor is a nice home NAS storage, but in my opinion this device is not ready to be exposed to Internet at all. Please, really please disable at least access to ADM (ports 8000 and 8001) from Internet.

Third,
Watch if xmr-stak process reappears. Maybe its installation was not persistent, but maybe it is scheduled to start with delay to stay under the radar.

Fourth,
Update ADM to the latest version, if you still haven't. They fixed some vulnerabilities according to the link you posted.
Top
yogibogs
Posts: 16
Joined: Fri Dec 12, 2014 9:22 pm

Re: XMR Stak takes up 50% of cpu at all time?

Post by yogibogs »

Hey there! Just encountered this myself but xmr-stak art 100% :(
Top
User avatar
orion
Posts: 3485
Joined: Wed May 29, 2013 11:09 am

Re: XMR Stak takes up 50% of cpu at all time?

Post by orion »

yogibogs wrote:Hey there! Just encountered this myself but xmr-stak art 100% :(
It seems not a single case. Someone fix it here: viewtopic.php?f=29&t=9663&p=31179
I think you should report it to asustor too.
Top
Post Reply

Return to “[Official] For AS31XX/ AS32XX Series”