QNAP NAS storage devices infected with the malware known as QSnatch
A new strain of malware called QSnatch (also known as ‘Derek’) looks for QNAP NAS devices that are potentially vulnerable to QSnatch malware, if not updated with the latest security fixes you could be infected. This was reported from the UK National Cyber Security Centre.
Thousands of devices worldwide with a particularly high number of infections in North America and Europe. Once a device has been infected, attackers can prevent administrators from successfully running firmware updates.
“Hackers have infected thousands of network-attached storage (NAS) devices from Taiwanese vendor QNAP with a new strain of malware named QSnatch.”
The malware’s code revealed the following capabilities:
- Modify OS timed jobs and scripts (cronjob, init scripts)
- Prevent future firmware updates by overwriting update-source URLs
- Prevents the native QNAP MalwareRemover App from running
- Extracts and steals usernames and passwords for all NAS users
How to protect your QNAP NAS storage device?
- Make sure you have updated your devices with the latest patches
- Change your passwords
- Remove any unwanted/unknown user accounts
- Install QNAP MalwareRemover application via the App Center functionality