QNAP’s unpatched network-attached storage (NAS) devices are the latest targets of ongoing attacks that aim to take them over for use as cryptocurrency miners. The malware, discovered by Qihoo’s 360 Netlab, exploits multiple pre-auth remote command execution vulnerabilities found in a QNAP Helpdesk app patch made in October 2020.
“We noticed the attacker customized the program by hiding the mining process and the real CPU memory resource usage information, so when the QNAP users check the system usage via the WEB management interface, they cannot see the abnormal system behavior,” 360 Netlab’s researchers stated in a report.
360 Netlab named the malware UnityMiner and informed QNAP of the ongoing cryptomining campaign a day after finding it. The researchers noted that all QNAP NAS devices with firmware released before August 2020 are vulnerable, which by their count amounts to nearly 4.3 million NAS devices.
“To ensure the security of their QNAP NAS, users are urged to install their applicable update(s) at the earliest convenience. Alongside these software updates and published security advisories, QNAP has also sent individual notification emails to known Surveillance Station users, to minimize the impact caused by the issue,” said QNAP.
The company’s NAS devices have been under attack for months now, with warnings of infections going back to August 2019 regarding QSnatch malware, Muhstik ransomware infections, the eCh0raix ransomware campaign, and AgeLocker ransomware attacks.
If you own a QNAP NAS, you should take the necessary steps to secure it. Change the passwords for all accounts on the device, update the device firmware and applications, remove unknown users and applications, install QNAP’s MalwareRemover app from the AppCenter, and set an access control list.