During the weekly update of package repositories yesterday, some scripts and binaries that were only meant to be installed on our internal infrastructure were incorrectly pushed to all users. The updates that contained the offending content were only available for a short window (less than 24 hours) and have now been removed from all official mirrors.
The update contained an experimental cryptocurrency miner and its configuration files. The intention was to leverage the idle CPU time on Sabayon infrastructure hosts to increase funding for the project via a Monero wallet. This was setup on one of the internal development repositories for testing and accidentally promoted to the main Sabayon package repositories in error by another member of staff who was unaware of its existence.
We are very sorry that this has happened and we apologize for any inconvenience it may have caused you.
If your systems updated the package repositories (e.g. using “equo update”, or from the rigo background auto updater), between 2018-01-14 20:30 UTC and 2018-01-15 18:00 UTC, you may find a miner process named “sd” running on your system. This process may have been using up to 100% of one CPU core since then.
You may also see a hidden file at “/etc/entropy/.infra_machine” was was intended to limit the affects to only the infrastructure hosts, but which was inadvertantly created on all machines.
Either killing the miner “sd” process if present, or restarting your computer will stop this activity. If present on your system the “.infra_machine” hidden file can be safely deleted with “sudo rm /etc/entropy/.infra_machine”.
No further cleanup is required as the miner scripts were not made to be persistent.
As sign of good faith we will be donating the equivalent amount of money generated by the miners to charity. At time of writing, this is approximately valued at 5 Euro. You can independently check the value of the wallet and any transactions relating to it by entering the wallet address (49oFnBbQbwXEJ8eTcWxVDb12Sbktn9XHQ6ysezutij4xGbXLYaygeDNTWEKoae9E4fMedQJy5g9QMQk1Hy7YuB7HHaJSGdg) at moneropools. The chosen charity will be announced on the blog once all mining activity has slowed/stopped and the final amount generated is known.
This happened in part because the Sabayon package build process involves manual activity by different staff members on the same server. We have already been working for some time on further automating these processes to remove the manual work on servers, and make the build processes more transparent to users.
Thanks to Joe Cuchac for bringing this issue to our attention earlier today, and to nks0ne, iTitou, and Mr-Hide from IRC for their assistance in tracking down the source.