2 min read

Is Your QNAP NAS Secretly Mining Crypto?


December 09, 2021

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Is Your QNAP NAS Secretly Mining Crypto?

Network-attached storage (NAS) maker QNAP released a statement earlier this week warning clients of a bitcoin mining malware potentially targeting their devices. “Once a NAS is infected, CPU usage becomes unusually high where a process named ‘[oom_reaper]’ could occupy around 50% of the total CPU usage," the company said in its statement.

How to detect and fix the problem

Crypto miners and, more recently, cryptojackers, are a form of malware that infect a host device, such as a personal computer, server, NAS or mobile phone, and hijack the system resources to mine cryptocurrencies for a malicious actor. Because their prime objective is to mine and not damage the device, crypto miners can be hard to detect. They usually give away clues, though, such as unusual high CPU usage, slow system speed or quick battery drainage.

To fix the recent threat, QNAP customers are advised to reboot their device, which should flush away the malware. Additionally, users should make sure their NAS operating system is updated to the latest version, check that Malware Remover is updated, use a strong password for the device and, if possible, refrain from exposing their NAS to the internet, or at least avoid using default system port numbers 443 and 8080.

This isn’t the first time the Taiwanese maker is faced with malware problems. In December 2020, QNAP fixed four high-severity vulnerabilities allowing remote attackers to inject malicious code in various components. A few months earlier, they had to fix a critical vulnerability related to Zerologon, which Iranian hackers are known to use. In September 2020, attackers hit NAS devices from QNAP with AgeLocker ransomware, prompting the developers to issue a new set of firmware updates. And in July 2020, CISA and NCSC issued a joint advisory regarding a malware string under the name of QSnatch.

Don’t bypass security when setting up your NAS

Because they can play many roles, like personal cloud, storage unit, backup solution or media library server, NASs have become very popular in the last few years, even among people who aren’t really into gadgets and devices. But that has also turned them into easy targets for cybercriminals. In fact, according to a recent Bitdefender IoT security study, NASs are the most vulnerable household smart devices and have been targeted recently by various types of attacks, like brute-forcing, DDoS attacks, ransomware and crypto-mining malware.

To protect your NAS, make sure that:

  • You use a strong password to log in, as a weak password can be brute-forced instantly
  • You don’t use the default admin profile, as hackers are constantly scanning for default login credentials to exploit
  • Your firmware and apps are all updated to the latest version, because manufacturers regularly issue security updates to fix vulnerabilities
  • Your ports and connections are secured
  • Your home router is secured and updated to the latest firmware version
  • You connect to the internet through a VPN, which hides your IP and encrypts your connection




Radu is a tech-geek with 15 years of experience in writing, journalism and copywriting. When he’s not writing he’s probably taking something apart, trying to figure out how things work.

View all posts

You might also like