QNAP NAS storage devices infected with the malware known as QSnatch


A new strain of malware called QSnatch (also known as ‘Derek’) looks for QNAP NAS devices that are potentially vulnerable. If your device has not been updated with the latest security fixes, it could be infected. This was reported by the UK National Cyber Security Centre.

Thousands of devices worldwide have been infected, with a particularly high number of infections in North America and Europe. Once a device has been infected, attackers can prevent administrators from successfully running firmware updates.

“Hackers have infected thousands of network-attached storage (NAS) devices from Taiwanese vendor QNAP with a new strain of malware named QSnatch.”

The malware’s code revealed the following capabilities:

  • Modifies OS timed jobs and scripts (cron jobs, init scripts)
  • Prevents future firmware updates by overwriting update-source URLs
  • Prevents the native QNAP MalwareRemover App from running
  • Extracts and steals usernames and passwords for all NAS users

How to protect your QNAP NAS storage device?

  • Make sure you have updated your devices with the latest patches
  • Change your passwords
  • Remove any unwanted/unknown user accounts
  • Install QNAP MalwareRemover application via the App Center functionality
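
The capabilities listed above touch three things an administrator can compare against a known-good baseline: scheduled jobs, firmware update-source URLs, and user accounts. The Python below is an added example, not code from the original article or from QNAP, showing that comparison. The cron entries, hostnames, and account names are constructed placeholders, and gathering the real values from a device is assumed to happen elsewhere.

```python
from urllib.parse import urlparse

# Constructed sample data: hostnames, paths and account names are placeholders,
# not real QNAP values and not QSnatch indicators.
BASELINE = {
    "cron": ["0 3 * * * /sbin/backup.sh", "30 4 * * 1 /sbin/logrotate.sh"],
    "update_urls": ["https://update.vendor.example/firmware.xml"],
    "users": ["admin", "alice"],
}
CURRENT = {
    "cron": ["0 3 * * * /sbin/backup.sh", "30 4 * * 1 /sbin/logrotate.sh",
             "*/10 * * * * /tmp/.cache/job.sh"],
    "update_urls": ["http://198.51.100.7/firmware.xml"],
    "users": ["admin", "alice", "svc_tmp"],
}
TRUSTED_UPDATE_HOSTS = {"update.vendor.example"}


def normalise(lines):
    """Drop comments and blank lines, collapse whitespace, so reformatting alone never alerts."""
    out = set()
    for line in lines:
        line = " ".join(line.split())
        if line and not line.startswith("#"):
            out.add(line)
    return out


def audit(baseline, current, trusted_hosts):
    """Return (kind, detail) findings for drift in cron jobs, update sources and accounts."""
    findings = []
    for entry in sorted(normalise(current["cron"]) - normalise(baseline["cron"])):
        findings.append(("cron-added", entry))
    for entry in sorted(normalise(baseline["cron"]) - normalise(current["cron"])):
        findings.append(("cron-removed", entry))
    for url in current["update_urls"]:
        parsed = urlparse(url)
        # An update source must use HTTPS and point at a host on the allowlist.
        if parsed.scheme != "https" or parsed.hostname not in trusted_hosts:
            findings.append(("update-source-untrusted", url))
    for user in sorted(set(current["users"]) - set(baseline["users"])):
        findings.append(("user-unknown", user))
    return findings


if __name__ == "__main__":
    for kind, detail in audit(BASELINE, CURRENT, TRUSTED_UPDATE_HOSTS):
        print(f"{kind}: {detail}")
```

The baseline should be captured from a device in a known-good state and stored off the NAS, since malware that can rewrite scheduled jobs can also rewrite a baseline kept beside them.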

Global distribution of infections

Analysis shows a significant number of infected devices. In mid-June 2020, there were approximately 62,000 infected devices worldwide; of these, approximately 3,900 were in the UK and 7,600 were in the US. Figure 1 below shows the location of these devices in broad geographic terms.
