Is Your QNAP NAS Secretly Mining Crypto?
Network-attached storage (NAS) maker QNAP released a statement earlier this week warning clients of a bitcoin mining malware potentially targeting their devices. “Once a NAS is infected, CPU usage becomes unusually high where a process named ‘[oom_reaper]’ could occupy around 50% of the total CPU usage," the company said in its statement.
How to detect and fix the problem
Crypto miners and, more recently, cryptojackers, are a form of malware that infect a host device, such as a personal computer, server, NAS or mobile phone, and hijack the system resources to mine cryptocurrencies for a malicious actor. Because their prime objective is to mine and not damage the device, crypto miners can be hard to detect. They usually give away clues, though, such as unusual high CPU usage, slow system speed or quick battery drainage.
To fix the recent threat, QNAP customers are advised to reboot their device, which should flush away the malware. Additionally, users should make sure their NAS operating system is updated to the latest version, check that Malware Remover is updated, use a strong password for the device and, if possible, refrain from exposing their NAS to the internet, or at least avoid using default system port numbers 443 and 8080.
This isn’t the first time the Taiwanese maker is faced with malware problems. In December 2020, QNAP fixed four high-severity vulnerabilities allowing remote attackers to inject malicious code in various components. A few months earlier, they had to fix a critical vulnerability related to Zerologon, which Iranian hackers are known to use. In September 2020, attackers hit NAS devices from QNAP with AgeLocker ransomware, prompting the developers to issue a new set of firmware updates. And in July 2020, CISA and NCSC issued a joint advisory regarding a malware string under the name of QSnatch.
Don’t bypass security when setting up your NAS
Because they can play many roles, like personal cloud, storage unit, backup solution or media library server, NASs have become very popular in the last few years, even among people who aren’t really into gadgets and devices. But that has also turned them into easy targets for cybercriminals. In fact, according to a recent Bitdefender IoT security study, NASs are the most vulnerable household smart devices and have been targeted recently by various types of attacks, like brute-forcing, DDoS attacks, ransomware and crypto-mining malware.
To protect your NAS, make sure that:
- You use a strong password to log in, as a weak password can be brute-forced instantly
- You don’t use the default admin profile, as hackers are constantly scanning for default login credentials to exploit
- Your firmware and apps are all updated to the latest version, because manufacturers regularly issue security updates to fix vulnerabilities
- Your ports and connections are secured
- Your home router is secured and updated to the latest firmware version
- You connect to the internet through a VPN, which hides your IP and encrypts your connection
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside
June 28, 2022
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online
June 28, 2022
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021
June 22, 2022
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data
May 24, 2022
John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight
April 15, 2022
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users
April 14, 2022