Researchers have discovered a new one hacking attack, which results infecting thousands of NAS (network-attached storage) devices from QNAP. To contaminate the devices, the hackers they used a new malicious software, called QSnatch.
According to a team of German experts, they have been observed over 7.000 infections, only in Germany. The researchers believe that there have been thousands of other infections around the world and that attacks is in progress.
At present, there is not much detail on how Qsnatch works. The malicious one software was discovered by the Finnish National Cybersecurity Center (NCSC-FI) last week.
Researchers did a first analysis of the Qsnatch code and found the following possibilities:
- Modifying Tasks and Scripts (cronjob, init scripts)
- Prevent future updates firmware
- Prevent the operation of the native QNAP MalwareRemover application
- Theft of usernames and passwords for all NAS users
However, the above features only show what malware can do. Researchers have yet to find out their ultimate goal. Qsnatch could be used to launch DDoS attacks, for cryptomining, or as a backdoor to QNAP devices for sensitive theft data or to install malicious payloads (for future attacks).
Some analysts believe that QSnatch operators are still in the process of building it botnet and that they will develop other functions in the future.
Currently, the only way to remove Qsnatch is to reset the factory default NAS device.
Some have reported installing the update February QNAP NAS firmware of 2019 it can also address the problem. However, this report has not yet been confirmed by experts.
Therefore, users of QNAP NAS devices should, for the moment, disconnect their devices from Internet.
Here are some others tips to reduce the impact of a QSnatch infection:
- Change all passwords to all of them accounts to the device
- Remove unknown accounts from the device
- Update firmware and all applications
- Removing applications that come from an unknown source or are not frequently used
- Install the QNAP MalwareRemover application through the App Center
- Set a device access control list (Control Panel -> Security -> Security Level)
QSnatch is the fourth malware to infect NAS devices this year. Previously, one ransomware had affected Synology devices, and the ransomware eCh0raix and Muhstik had also infected QNAP devices.