Hardware vendor QNAP released a security advisory warning its users about a new cryptomining malware targeting its network-attached storage (NAS) devices. The Taiwan-based company urged users to take the necessary security measures to protect against the ongoing malware campaign.
Once the malware infects a NAS device, CPU usage becomes unusually high, and a process named “oom_reaper” could occupy around 50% of the total CPU usage. A NAS device is an internet-connected storage device that allows data storage and retrieval from a central location for authorized network users and clients.
“This process mimics a normal, legitimate kernel process with the same name. However, while the legitimate kernel process PID is usually below 1000, the bitcoin miner PID is usually greater than 1000,” the advisory said. While the actors behind the malware campaign are unknown, QNAP stated it is currently investigating the severity of the threat.
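The PID heuristic quoted above can be turned into a quick check. The shell function below is an added example, not part of QNAP's advisory. It assumes process rows in "PID PPID %CPU COMMAND" form, and its parent-PID test (Linux kernel threads are children of kthreadd, PID 2) goes beyond what the advisory states, catching a look-alike even when its PID happens to be low.

```shell
#!/bin/sh
# Added example (not from the QNAP advisory). Reads process rows of the form
# "PID PPID %CPU COMMAND" on stdin and reports every process that is named
# oom_reaper but does not look like the real kernel thread.
find_fake_oom_reaper() {
    awk -v name="oom_reaper" -v pid_limit=1000 '
        function add(r) { reasons = (reasons == "" ? r : reasons "," r) }
        BEGIN { bracketed = "[" name "]" }
        $1 !~ /^[0-9]+$/ { next }                  # skip header or junk rows
        $4 != name && $4 != bracketed { next }     # only the mimicked name
        {
            reasons = ""
            # Advisory heuristic: the miner PID is usually greater than 1000.
            if ($1 + 0 > pid_limit) add("pid>" pid_limit)
            # Assumption beyond the advisory: Linux kernel threads are
            # children of kthreadd (PID 2); a userland copy is not.
            if ($2 + 0 != 2) add("parent-not-kthreadd")
            if (reasons != "")
                printf "SUSPECT pid=%s ppid=%s cpu=%s reasons=%s\n", $1, $2, $3, reasons
        }
    '
}

# Constructed sample rows (not real device output).
sample_ps() {
    cat <<'EOF'
PID PPID %CPU COMMAND
1 0 0.0 init
2 0 0.0 kthreadd
37 2 0.0 oom_reaper
14213 1 49.8 oom_reaper
14300 1 0.3 sshd
EOF
}

sample_ps | find_fake_oom_reaper
# On a live Linux system (assumes a ps that supports -eo):
#   ps -eo pid,ppid,pcpu,comm | find_fake_oom_reaper
```

A flagged row is a lead for further inspection, since the advisory itself says the PID ranges hold only "usually".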
QNAP stated the infection could be removed by rebooting the affected devices. Customers also need to take proactive measures such as updating their operating system (QTS or QuTS) and all QNAP add-on apps, and changing their NAS account passwords.
To protect NAS devices from the Bitcoin mining malware, the company recommended that users:
- Update QTS or QuTS hero to the latest version
- Install and update Malware Remover to the latest version
- Use stronger passwords for your administrator and other user accounts
- Update all installed applications to their latest versions
- Do not expose your NAS to the internet, or avoid using default system port numbers 443 and 8080
- If you suspect your NAS has been infected with the bitcoin miner, restarting the NAS may also remove the malware
Not the First Time
This is not the first time that QNAP NAS devices have been under attack. Earlier, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the U.K.'s National Cyber Security Centre (NCSC) uncovered a strain of malware known as QSnatch that targeted QNAP NAS systems.