QNAP the Network-attached storage (NAS) appliance maker has released a new advisory warning of a cryptocurrency mining malware targeting devices. This is a bitcoin miner which target QNAP NAS. Once a NAS is infected, CPU usage becomes unusually high where a process named ‘[oom_reaper]’ could occupy around 50% of the total CPU usage,” the Taiwanese company said in an alert. “This process mimics a kernel process but its [process identifier] is usually greater than 1000.”
QNAP said it’s currently investigating the infections, but did not share more information on the initial access vector that’s being used to compromise the NAS devices. Affected users can remove the malware by restarting the appliances.
Investigation into the infection is going on however not much information is shared on the initial access vector that is being used to compromise the NAS devices. So far so good the available solution is by restarting the appliances which automatically removes the malware.
Users should also update their QTS (and QuTS Hero) operating systems to the latest version, enforce strong passwords for administrator and other user account and refrain from exposing the NAS devices to the internet.
In July 2020, cybersecurity agencies in the U.S. and U.K. issued a joint release about a threat that infected the NAS devices with a data-stealing malware dubbed QSnatch (or Derek). In December 2020, the device maker warned of two high-severity cross-site scripting flaws (CVE-2020-2495 and CVE-2020-2496) that enabled remote adversaries to take over the devices.
Then in March 2021, Qihoo 360’s Network Security Research Lab disclosed a cryptocurrency campaign that exploited two security flaws in the firmware — CVE-2020-2506 and CVE-2020-2507 — to gain root privileges and deploy a miner called UnityMiner on compromised devices. And as of April this year, QNAP NAS devices have also been the target of eCh0raix and Qlocker ransomware attacks.