Security News > 2020 > July > US, UK Warn of Malware Targeting QNAP NAS Devices
In a joint alert this week, the United States and the United Kingdom warned that a piece of malware has infected over 62,000 QNAP network-attached storage devices.
"Due to these data breach concerns, QNAP devices that had been infected may still be vulnerable to reinfection after removing the malware," the company said.
In their joint alert, the United States Cybersecurity and Infrastructure Security Agency and the United Kingdom's National Cyber Security Centre warn that all NAS devices from QNAP might be vulnerable to QSnatch.
"The malware, documented in open-source reports, has infected thousands of devices worldwide with a particularly high number of infections in North America and Europe. Further, once a device has been infected, attackers can prevent administrators from successfully running firmware updates," the alert reads.
The malware, they note, installs a fake device admin page to steal credentials, contains an SSH backdoor to enable code execution, features a credentials scrapper and webshell functionality to enable remote access, and can exfiltrate data to the attackers' server over HTTPS. "The malware appears to gain persistence by preventing updates from installing on the infected QNAP device. The attacker modifies the system host's file, redirecting core domain names used by the NAS to local out-of-date versions so updates can never be installed," the alert reads.