Security News > 2020 > July > 62,000 QNAP NAS devices infected with persistent QSnatch malware

There are approximately 62,000 malware-infested QNAP NAS devices located across the globe spilling all the secrets they contain to unknown cyber actors, the US CISA and the UK NCSC have warned.

Dubbed QSnatch, the sophisticated malware targets QTS, the Linux-based OS powering QNAP's NAS devices, and is able to log passwords, scrape credentials, set up an SSH backdoor and a webshell, exfiltrate files and, most importantly, assure its persistence by preventing users from installing updates that may remove it and by preventing the QNAP Malware Remover app from running.

"QSnatch collects confidential information from infected devices, such as login credentials and system configuration. Due to these data breach concerns, QNAP devices that had been infected may still be vulnerable to reinfection after removing the malware," QNAP explained after delivering security updates in November 2019.

In mid-June, the number of infected devices worldwide was 62,000, with approximately 7,600 in the US and 3,900 in the UK. What to do if your QNAP NAS has been infected?

"The malware appears to gain persistence by preventing updates from installing on the infected QNAP device. The attacker modifies the system host's file, redirecting core domain names used by the NAS to local out-of-date versions so updates can never be installed," they noted.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/7wi1pkRkPD4/