HomesecurityQNAP: NAS devices targeted with cryptomining malware

QNAP: NAS devices targeted with cryptomining malware

QNAP today warned customers of ongoing attacks targeting their NAS devices with cryptomining malware, urging them to take steps to protect themselves immediately.


See also: The Nobelium hacking team uses the new Ceeloader malware

The cryptominer being developed in this campaign on compromised devices will create a new process called [oom_reaper] that will mine Bitcoin cryptocurrency.

At runtime, the malware can take up to 50% of all CPU resources and mimic a kernel process with a PID higher than 1000.

Customers who suspect their NAS has been infected with this bitcoin miner are advised to restart their device, which may remove the malware.

QNAP also advises customers to take the following steps to protect their devices from these attacks:

  1. Update the hero QTS or QuTS to the latest version.
  2. Install and update Malware Remover to the latest version.
  3. Use stronger passwords for administrator accounts and other users.
  4. Update all installed applications to their latest versions.
  5. Do not expose your NAS to the Internet or avoid using the default system port numbers 443 and 8080.

You can find detailed information on the steps required for each of the above actions in today's safety tip.

See also: Magnat campaign: Malware spreads through fake software downloads

QNAP NAS devices under siege

NAS devices are an attractive target for intruders and this is not the first time that QNAP systems have been targeted by cryptomining malware this year.

In March, researchers at the Qihoo 360 Network Security Research Laboratory (360 Netlab) discovered that a cryptominer called UnityMiner hacked unprotected QNAP NAS devices against two Remote Execution (RCE) vulnerabilities in the Help application.

In January, QNAP users were called upon to defend their devices against a campaign malware which made them useless after spawning dovecat and dedpma processes that would destroy almost all system resources.

QNAP alerted customers to Ch0raix ransomware attacks (also known as QNAPCrypt) in May (as well as in June 2019 and June 2020). This alert came two weeks after another AgeLocker ransomware outbreak alert.

See also: A simple technique enhances phishing campaigns to spread malware

A huge ransomware Qlocker campaign has been hitting vulnerable QNAP devices since mid-April. The intruders earned $ 260.000 in just five days.

QNAP customers who want to further protect their NAS devices from attacks are advised to follow these best practices.

Source of information:

Teo Ehc
Be the limited edition.