How to check an ASIC for viruses


In 2019, amid the mining boom and rapid growth of cryptocurrency prices, hackers created new types of malicious programs specifically for ASICs. They allow an attacker to change the configuration and lock the farm. Before buying new equipment, it is worth checking the ASIC for viruses. You should also scan the farm regularly and review its settings to protect your income from cybercriminals.

How a virus gets into an ASIC

Most often, miners infect the equipment themselves by downloading custom firmware to overclock it. The first such program was H-Ant, written by an unknown programmer. Forums and thematic sites advertised a new firmware capable of overclocking the Antminer S9 from 13.5 to 18 TH/s without increasing power consumption. It was downloaded more than 10,000 times.

At the same time, some users noted that their antivirus detected dangerous files but installed the software anyway. Within 5 minutes, the malicious program was accessing every ASIC on the farm. In 2019, users received the following message:

“Click on the “Download Firmware Patch” button to download an update with your specific ID, and simply restore it to regular Antminer firmware to get infected. You can move the computer on which the patch was updated to another computer room to complete the infection, or encourage others to use my software in a network group – or pay 10 BTC and I will stop attacking.”

Hackers also exploit vulnerabilities in official ASIC software and in connections to pools. The virus gets in over the network protocol and infects the farm.


In 2022, miners began to actively sell outdated and unprofitable equipment. At the same time, the first reports appeared of "Trojan" ASICs being sold on marketplaces. They already contain dangerous software which, once connected to the network, spreads throughout the farm.


Types of viruses

Miners are faced with several types of viruses that differ in function. The most common is software that:

  • Alters the ASIC configuration.
  • Redirects profits to another wallet.
  • Disables the download of new firmware and changes scripts and system binaries.
  • Blocks access to the OS and stops mining.

Also in 2022, software similar to H-Ant in its mechanism of action appeared. However, it immediately and without warning turned off fans and overheating protection, causing farms to burn down.

How to check ASICs for viruses

You do not need special software to check an ASIC for viruses, because in most cases miners immediately notice oddities in the operation of the farm. Signs of ASIC infection:

  • Stratum addresses have changed to unfamiliar ones. Resetting the settings does not help: the foreign address appears again. For example, stratum+tcp://scrypt.hk.nicehash.com:3333#xnsub.
  • The hash rate of the device has dropped dramatically.
  • The yield of the farm has decreased.
  • The hardware cannot be flashed from microSD, flash, or web packages.
  • The firmware version does not change after an upgrade.
  • LEDs on the control board are almost constantly lit or blink every 7-9 seconds.
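
The first sign above, together with the bNminer.conf file that the removal instructions on this page say to delete, can be checked offline on a copy of the ASIC's /config directory. This is an added example, not code from the original article; the cgminer-style JSON layout, the file name bmminer.conf and the host pool.example.net are assumptions.

```shell
#!/bin/sh
# Added example: audit a copy of an ASIC's /config directory pulled over SCP.
# Assumption: pool settings are cgminer-style JSON, one "url" entry per line.
# Usage: audit_config DIR ALLOWED_HOST...   (returns 1 if anything is flagged)
audit_config() {
    cfg_dir=$1; shift
    allowed=" $* "
    rc=0
    # The removal steps on this page treat bNminer.conf in /config as malicious.
    if [ -e "$cfg_dir/bNminer.conf" ]; then
        echo "SUSPICIOUS_FILE bNminer.conf"; rc=1
    fi
    # Flag every pool address whose host is not on the operator's allowlist.
    for f in "$cfg_dir"/*.conf; do
        [ -f "$f" ] || continue
        for url in $(sed -n 's/.*"url"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$f"); do
            host=${url#*://}        # drop stratum+tcp:// when present
            host=${host%%[/:#]*}    # drop port, path and #xnsub-style suffix
            case "$allowed" in
                *" $host "*) ;;
                *) echo "UNKNOWN_POOL ${f##*/} $url"; rc=1 ;;
            esac
        done
    done
    return "$rc"
}

# Constructed sample data; pool.example.net stands in for the operator's pool,
# the second URL is the example address quoted in the list of signs.
demo_dir() {
    d=$(mktemp -d)
    cat > "$d/bmminer.conf" <<'EOF'
{ "pools" : [
  { "url" : "stratum+tcp://pool.example.net:3333", "user" : "farm.w1" }
] }
EOF
    cat > "$d/bNminer.conf" <<'EOF'
{ "pools" : [
  { "url" : "stratum+tcp://scrypt.hk.nicehash.com:3333#xnsub", "user" : "x" }
] }
EOF
    echo "$d"
}

sample=$(demo_dir)
audit_config "$sample" pool.example.net || echo "findings: isolate and reflash"
rm -rf "$sample"
```

Running it again after a factory reset shows whether the foreign address has come back, which is the behaviour the first sign describes.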

WinSCP program

This is a free SFTP client for Windows that is used to copy files between computers using secure protocols. It supports SFTP, SCP, SSH-1, SSH-2, and WebDAV connections. Miners use WinSCP to regain access to hardware and reflash infected devices.

Pros:

  • Does not save passwords in the program memory
  • Secure connection
  • Free license

Cons:

  • Slows down when working with large folders
  • No built-in scheduler
  • Few features

How to cure an ASIC

To get rid of the malicious software, you will need 2 programs and no more than 20 minutes. Instructions on how to remove viruses from an ASIC using WinSCP:

  1. In the settings, select the SCP connection and specify the IP address of the ASIC and the access credentials.
  2. Go to the /config folder and view its contents. If it contains bNminer.conf, delete that file.
  3. Open dropbear and replace the parameter in the NO_START= line with 0.
  4. Create a new directory in the /tmp folder (the commands below use /tmp/123) and copy the unzipped firmware into it.

For the next stages you will need PuTTY. In it you need to:

  1. Enter the IP address of the ASIC.
  2. Connect to the device.
  3. Run the commands:
    • cd /tmp/123
    • chmod +x runme.sh
    • ./runme.sh
    • reboot

Measures to prevent infection

Because farms are rarely connected directly to the Internet, they are easy to protect from hackers. It is enough to follow these recommendations:

  • Configure a firewall – set strict rules so that ASICs cannot interact with each other and the allowlist of connections contains only the address of the pool. If a virus infects one board, the others will continue to work normally.
  • Use an antivirus – it will warn about the detection of dangerous programs, automatically quarantine them and remove them.
  • Do not install unofficial firmware – its creators promise an increase in profitability of 50% or more. Before installing custom software, check what is said about it on thematic forums and, if possible, ask experts about it.
  • Check a used ASIC before installing it – connect it separately, scan it with an antivirus and watch how it works for a few days. If there are no problems, you can connect the equipment to the main network.
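
One way to express the pool-only allowlist from the firewall recommendation, as an added example that is not from the original article: a script that prints iptables commands for a Linux gateway routing the ASIC subnet, so they can be reviewed before being applied. The chain name, subnet and pool endpoints are placeholders; traffic between ASICs on the same switch never reaches the gateway, so that part of the recommendation needs port isolation or per-device VLANs on the switch.

```shell
#!/bin/sh
# Added example: print iptables commands for review instead of applying them.
# Assumptions: a Linux gateway routes the ASIC subnet; pools are IPv4:PORT.
# Usage: asic_fw_rules ASIC_SUBNET POOL_IP:PORT [POOL_IP:PORT ...]
asic_fw_rules() {
    [ $# -ge 2 ] || { echo "usage: asic_fw_rules SUBNET IP:PORT..." >&2; return 2; }
    subnet=$1; shift
    # Validate every endpoint first so a typo never yields a partial ruleset.
    for ep in "$@"; do
        case "$ep" in
            *[!0-9.:]* | *:*:* | *.*.*.*.*) ok=0 ;;
            [0-9]*.[0-9]*.[0-9]*.[0-9]*:[0-9]*) ok=1 ;;
            *) ok=0 ;;
        esac
        [ "$ok" -eq 1 ] || { echo "bad pool endpoint: $ep" >&2; return 2; }
    done
    echo "iptables -N ASIC_EGRESS"
    # Replies on connections the gateway already allowed.
    echo "iptables -A ASIC_EGRESS -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # The allowlist: only the pool endpoints.
    for ep in "$@"; do
        echo "iptables -A ASIC_EGRESS -p tcp -d ${ep%:*} --dport ${ep#*:} -j ACCEPT"
    done
    # Anything else an ASIC tries to reach is logged, then dropped.
    echo "iptables -A ASIC_EGRESS -j LOG --log-prefix 'asic-denied '"
    echo "iptables -A ASIC_EGRESS -j DROP"
    # Hook the chain in last, once it is complete.
    echo "iptables -I FORWARD 1 -s $subnet -j ASIC_EGRESS"
}

# Placeholder documentation addresses, not real pool endpoints.
asic_fw_rules 192.0.2.0/24 198.51.100.10:3333
```

No DNS rule is included, so the ASICs must be configured with the pool's IP address or be given an extra rule for their resolver. The logged "asic-denied" entries double as a detection signal for an infected board trying to reach a foreign address.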

Frequently Asked Questions

🔥 How do I properly connect my farm to the pool?

It is recommended to set up a connection through NAT only. The ASIC should not have direct access to the internet, and all unnecessary ports should be closed.

📌 Is antivirus required?

No. Miners often do not use such programs because they affect the performance of the hardware. If you don't install an antivirus, you need to close off every route of infection and regularly check the settings and farm parameters.

📢 Why do I need quarantine?

After detecting dangerous software on one device, you should immediately enable quarantine. It will limit data transfer and prevent the spread of hacking software.

⚡ What are the additional degrees of protection?

In addition to antivirus, quarantine and a firewall, it is advisable to create complex passwords. Use different combinations (at least 12-15 characters) for access to the router and to the ASICs.

✨ Which hash rate boosting firmware is safe?

It is recommended to use only trusted software such as VNish, Braiins OS or HiveON.


Author: Saifedean Ammous, an expert in cryptocurrency economics.
