Is Your QNAP NAS Secretly Mining Crypto?
Network-attached storage (NAS) maker QNAP released a statement earlier this week warning clients of a bitcoin mining malware potentially targeting their devices. “Once a NAS is infected, CPU usage becomes unusually high where a process named ‘[oom_reaper]’ could occupy around 50% of the total CPU usage," the company said in its statement.
How to detect and fix the problem
Crypto miners and, more recently, cryptojackers, are a form of malware that infect a host device, such as a personal computer, server, NAS or mobile phone, and hijack the system resources to mine cryptocurrencies for a malicious actor. Because their prime objective is to mine and not damage the device, crypto miners can be hard to detect. They usually give away clues, though, such as unusual high CPU usage, slow system speed or quick battery drainage.
To fix the recent threat, QNAP customers are advised to reboot their device, which should flush away the malware. Additionally, users should make sure their NAS operating system is updated to the latest version, check that Malware Remover is updated, use a strong password for the device and, if possible, refrain from exposing their NAS to the internet, or at least avoid using default system port numbers 443 and 8080.
This isn’t the first time the Taiwanese maker is faced with malware problems. In December 2020, QNAP fixed four high-severity vulnerabilities allowing remote attackers to inject malicious code in various components. A few months earlier, they had to fix a critical vulnerability related to Zerologon, which Iranian hackers are known to use. In September 2020, attackers hit NAS devices from QNAP with AgeLocker ransomware, prompting the developers to issue a new set of firmware updates. And in July 2020, CISA and NCSC issued a joint advisory regarding a malware string under the name of QSnatch.
Don’t bypass security when setting up your NAS
Because they can play many roles, like personal cloud, storage unit, backup solution or media library server, NASs have become very popular in the last few years, even among people who aren’t really into gadgets and devices. But that has also turned them into easy targets for cybercriminals. In fact, according to a recent Bitdefender IoT security study, NASs are the most vulnerable household smart devices and have been targeted recently by various types of attacks, like brute-forcing, DDoS attacks, ransomware and crypto-mining malware.
To protect your NAS, make sure that:
- You use a strong password to log in, as a weak password can be brute-forced instantly
- You don’t use the default admin profile, as hackers are constantly scanning for default login credentials to exploit
- Your firmware and apps are all updated to the latest version, because manufacturers regularly issue security updates to fix vulnerabilities
- Your ports and connections are secured
- Your home router is secured and updated to the latest firmware version
- You connect to the internet through a VPN, which hides your IP and encrypts your connection
Abode IoT Security Camera Vulnerabilities Would Let Attackers Insert Images, Bitdefender Finds
December 21, 2021
Online Shoppers Beware, Mobile Scams Are on the Rise
December 17, 2021
The Holiday Guide to Tech Support: Fixing the Family Computer
November 24, 2021
Bitdefender Celebrates 20 Years of Cybersecurity Leadership
November 04, 2021
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords
October 26, 2021
What are drive-by download attacks and how do you prevent them?
October 25, 2021