[TheRecord] QNAP warns of new crypto-miner targeting its NAS devices

Taiwanese hardware vendor QNAP has released a new security advisory today warning users that a new strain of crypto-mining malware is targeting its network-attached storage (NAS) devices.

The company did not share any information on how the devices were being compromised but said that once the malware got a foothold on infected systems, it would create a process named [oom_reaper] that would take up around 50% of the CPU’s total usage.

“This process mimics a kernel process but its PID is usually greater than 1000,” QNAP said today.
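A triage check for the process described above, written as an added example (not QNAP's tooling or code from the advisory): it flags anything named oom_reaper that lacks the traits of a real Linux kernel thread. The kthreadd-parent and empty-cmdline tests are general Linux behaviour rather than statements from the advisory, and the function names and sample records are constructed for illustration.

```python
import os

TARGET = "oom_reaper"  # process name given in the QNAP advisory
KTHREADD = 2           # real Linux kernel threads are children of kthreadd (PID 2)

def reasons(pid, ppid, comm, cmdline):
    """List why a process calling itself oom_reaper is not a real kernel thread."""
    argv0 = cmdline.split(b"\0")[0].decode(errors="replace")
    names = {comm.strip("[]"), os.path.basename(argv0).strip("[]")}
    if TARGET not in names:
        return []
    found = []
    if ppid != KTHREADD:
        found.append("parent is not kthreadd")
    if cmdline:
        found.append("non-empty cmdline")  # kernel threads have no argv
    if pid > 1000:
        found.append("PID above 1000")     # the hint QNAP gives
    return found

def scan(root="/proc"):
    """Return {pid: reasons} for suspicious processes under a procfs tree."""
    hits = {}
    for entry in filter(str.isdigit, os.listdir(root)):
        try:
            with open(os.path.join(root, entry, "stat"), errors="replace") as f:
                stat = f.read()
            with open(os.path.join(root, entry, "cmdline"), "rb") as f:
                cmdline = f.read()
        except OSError:
            continue  # process exited while we were reading it
        # stat format: "pid (comm) state ppid ..."; comm itself may contain ")"
        comm = stat[stat.index("(") + 1:stat.rindex(")")]
        ppid = int(stat[stat.rindex(")") + 1:].split()[1])
        if why := reasons(int(entry), ppid, comm, cmdline):
            hits[int(entry)] = why
    return hits

# Constructed sample records (pid, ppid, comm, cmdline), not real captures.
SAMPLE = [
    (37, 2, "oom_reaper", b""),                     # genuine kernel thread
    (18342, 1, "[oom_reaper]", b"[oom_reaper]\0"),  # user-space imitation
    (2210, 1, "sshd", b"/usr/sbin/sshd\0-D\0"),     # unrelated process
]

if __name__ == "__main__":
    for pid, ppid, comm, cmdline in SAMPLE:
        print(pid, comm, reasons(pid, ppid, comm, cmdline) or "ok")
    print(scan() if os.path.isdir("/proc") else "no procfs on this host")
```

A hit is a lead for investigation, not a verdict: confirm it against CPU usage and the binary behind the PID before acting.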

While the infections are being investigated, QNAP told customers to take proactive measures against the attacks, such as updating their devices’ operating systems (known as QTS or QuTS) and all QNAP add-on apps.

In addition, the company also told users to change all their NAS account passwords, as it was unsure if the attackers exploited a vulnerability or just brute-forced an internet-connected QNAP system that used a weak password.

To remove the infection from affected devices, QNAP told customers to reboot systems and download and install the company’s “Malware Remover” tool from the device’s built-in App Center. Step-by-step instructions for all three steps above are detailed in the company’s advisory.

Past malware ops targeting QNAP systems

By this point, the Taiwanese company is used to malware gangs targeting its devices.

Over the past few years, ransomware strains like Muhstik, Qlocker, eCh0raix, and AgeLocker have all targeted QNAP devices, with hackers gaining access to customer NAS systems, encrypting users’ data, and then asking for small ransom payments.

Crypto-mining malware has been rarer, but it has also happened before.

In late 2020 and early 2021, QNAP NAS devices were targeted by the Dovecat crypto-mining malware, which abused weak passwords to gain a foothold on QNAP systems.

The company’s NAS devices were also targeted in 2019 and 2020 by the QSnatch malware, which CISA and the UK NCSC said infected around 62,000 systems by mid-June 2020. QSnatch didn’t include crypto-mining features but included an SSH password stealer and exfiltration capabilities, which were the main reasons national cybersecurity agencies in the US, the UK, Finland, and Germany got involved and sent national alerts about the botnet’s operations.

The post QNAP warns of new crypto-miner targeting its NAS devices appeared first on The Record by Recorded Future.
