Crypto-Miner Campaign Targets Unpatched QNAP NAS Devices
2021-03-08 21:16

UPDATE. Owners of popular QNAP Systems network attached storage devices are being warned that a malicious cryptocurrency campaign is actively exploiting two critical firmware bugs in systems that have not yet been patched.

QNAP fixed the flaws in October 2020; however, researchers at Qihoo 360's Network Security Research Lab report a widening campaign targeting over 100 models used by 4.3 million of the company's NAS devices.

Disproportionately impacted are 1.1 million QNAP NAS users within the United States and China - representing nearly 80 percent of total global infections, according to a recent mapping of QNAP devices visible online.

Indicators of compromise include NAS devices configured for proxy pools "Aquamangts.tk:12933", "a.aquamangts.tk:12933" and "b.aquamangts.tk:12933". Also, according to researchers, the miner uses variations of the proxy and URLs with the root "Aquamangts".
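A defender can sweep DNS logs, connection listings or configuration exports for these indicators. The following is an added example, not code from the article or the researchers; the function names, log formats and sample lines are constructed for illustration, and only the three pool names, the port and the "aquamangts" root come from the text above.

```python
import re

# Indicators quoted in the article.
KNOWN_POOLS = {"aquamangts.tk", "a.aquamangts.tk", "b.aquamangts.tk"}
ROOT = "aquamangts"      # "variations ... with the root Aquamangts"
POOL_PORT = 12933

# Hostname with optional trailing dot (DNS logs) and optional :port.
HOST_RE = re.compile(
    r"(?<![\w.-])((?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,})"
    r"\.?(?::(\d{1,5}))?(?![\w-])",
    re.IGNORECASE,
)

def classify(host):
    """Return 'exact' for a listed pool, 'variant' for the root, else None."""
    host = host.lower().rstrip(".")
    if host in KNOWN_POOLS:
        return "exact"
    if any(ROOT in label for label in host.split(".")):
        return "variant"
    return None

def scan(lines):
    """Find indicator hostnames in free-form log or config lines."""
    hits = []
    for n, line in enumerate(lines, 1):
        for m in HOST_RE.finditer(line):
            verdict = classify(m.group(1))
            if verdict:
                port = int(m.group(2)) if m.group(2) else None
                hits.append({"line": n, "host": m.group(1).lower(),
                             "port": port, "match": verdict,
                             "pool_port": port == POOL_PORT})
    return hits

# Constructed sample input (hypothetical formats, documentation addresses).
SAMPLE = [
    "2021-03-08T21:16:02Z dns query A b.aquamangts.tk. from 192.0.2.10",
    '"pools": [{"url": "A.Aquamangts.TK:12933"}]',
    "tcp 192.0.2.10:51544 -> pool1-aquamangts.example:12933 ESTABLISHED",
    "tcp 192.0.2.10:51600 -> updates.example.com:443 ESTABLISHED",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Matching is case-insensitive and tolerates the trailing dot that resolvers log, so the same check works on DNS, netstat-style and configuration text.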

Another incident impacting QNAP occurred in 2019 when hackers targeted the devices with malware dubbed QSnatch.

Another incident was also reported the same year, involving ransomware targeting Linux-based NAS devices, including QNAP. Other NAS vendors have been equally impacted.


News URL

https://threatpost.com/miner-campaign-targets-unpatched-qnap-nas/164580/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Qnap 93 15 113 112 32 272