Is Your QNAP NAS Secretly Mining Crypto?
Network-attached storage (NAS) maker QNAP released a statement earlier this week warning clients of a bitcoin mining malware potentially targeting their devices. “Once a NAS is infected, CPU usage becomes unusually high where a process named ‘[oom_reaper]’ could occupy around 50% of the total CPU usage," the company said in its statement.
How to detect and fix the problem
Crypto miners and, more recently, cryptojackers, are a form of malware that infect a host device, such as a personal computer, server, NAS or mobile phone, and hijack the system resources to mine cryptocurrencies for a malicious actor. Because their prime objective is to mine and not damage the device, crypto miners can be hard to detect. They usually give away clues, though, such as unusual high CPU usage, slow system speed or quick battery drainage.
To fix the recent threat, QNAP customers are advised to reboot their device, which should flush away the malware. Additionally, users should make sure their NAS operating system is updated to the latest version, check that Malware Remover is updated, use a strong password for the device and, if possible, refrain from exposing their NAS to the internet, or at least avoid using default system port numbers 443 and 8080.
This isn’t the first time the Taiwanese maker is faced with malware problems. In December 2020, QNAP fixed four high-severity vulnerabilities allowing remote attackers to inject malicious code in various components. A few months earlier, they had to fix a critical vulnerability related to Zerologon, which Iranian hackers are known to use. In September 2020, attackers hit NAS devices from QNAP with AgeLocker ransomware, prompting the developers to issue a new set of firmware updates. And in July 2020, CISA and NCSC issued a joint advisory regarding a malware string under the name of QSnatch.
Don’t bypass security when setting up your NAS
Because they can play many roles, like personal cloud, storage unit, backup solution or media library server, NASs have become very popular in the last few years, even among people who aren’t really into gadgets and devices. But that has also turned them into easy targets for cybercriminals. In fact, according to a recent Bitdefender IoT security study, NASs are the most vulnerable household smart devices and have been targeted recently by various types of attacks, like brute-forcing, DDoS attacks, ransomware and crypto-mining malware.
To protect your NAS, make sure that:
- You use a strong password to log in, as a weak password can be brute-forced instantly
- You don’t use the default admin profile, as hackers are constantly scanning for default login credentials to exploit
- Your firmware and apps are all updated to the latest version, because manufacturers regularly issue security updates to fix vulnerabilities
- Your ports and connections are secured
- Your home router is secured and updated to the latest firmware version
- You connect to the internet through a VPN, which hides your IP and encrypts your connection
How to monitor your online privacy during your Thanksgiving trip
November 22, 2022
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info
November 16, 2022
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be
November 14, 2022
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War
August 31, 2022
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor
August 30, 2022
What is medical identity theft and how to protect against it
July 27, 2022