For HomeFor BusinessFor Partners
Smart Home
2 min read

QNAP NAS Devices Targeted by QSnatch Malware for Six Years and Counting

Silviu STAHIE
Silviu STAHIE

July 28, 2020

Promo Protect all your devices, without slowing them down.
Free 30-day trial
QNAP NAS Devices Targeted by QSnatch Malware for Six Years and Counting

Network Attached Storage (NAS) devices built by QNAP are vulnerable to a malware named QSnatch, according to an advisory issued by United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC).

QNAP builds NAS devices that can be used as a local cloud backup for computers and phones, as well as many other applications. It uses a custom-built Linux OS, which makes the infection all the more impressive. It’s still unclear how the malware is spreading, who the operators are, and what their goals are.

QSnatch is a fairly sophisticated malware designed to steal credentials via a CGI password logger, to scrape credentials, to provide attackers with a SSH backdoor, to exfiltrate data, including system configurations and log files, and to offer web shell functionality for remote access.

Once the malware is installed, it gains persistence by changing the host file, redirecting the core domain names used by the NAS to out-of-date local versions so updates can never retrieved.

“The infection vector has not been identified, but QSnatch appears to be injected into the device firmware during the infection stage, with the malicious code subsequently run within the device, compromising it,” states the advisory. “The attacker then uses a domain generation algorithm (DGA)—to establish a command and control (C2) channel that periodically generates multiple domain names for use in C2 communications.”

Because the malware is persistent, administrators can’t install firmware updates. This means that a full factory reset is required before upgrading the firmware. Also, all the latest updates have to be installed.

The company also advises clients to update Malware Remover to the latest version, update the Security Counselor to the latest version, change all the credentials, remove suspicious or unknown accounts, and disable all network functionality’s not used, such SSH or Telnet.

By the middle of last month, a total of 62,000 QNAP devices were infected; approximately 7,600 were in the United States, and 3,900 in the United Kingdom. The first infections started in 2014 and QSnatch is active to this day.

tags

Smart Home

Author

Silviu STAHIE

Silviu STAHIE

Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.

View all posts

Right now Top posts

Beyond Free Antivirus: 5 Reasons Smart Consumers Choose Full-Strength Protection for Their Devices
Industry News Digital Privacy Tips and Tricks How to

Beyond Free Antivirus: 5 Reasons Smart Consumers Choose Full-Strength Protection for Their Devices

June 12, 2025

4 min read
Fake Download of Mission: Impossible – The Final Reckoning Movie Deploys Lumma Stealer
Threats

Fake Download of Mission: Impossible – The Final Reckoning Movie Deploys Lumma Stealer

May 23, 2025

4 min read
Scammers Sell Access to Steam Accounts with All the Latest Games – It's a Trap!
Scam

Scammers Sell Access to Steam Accounts with All the Latest Games – It's a Trap!

May 16, 2025

4 min read
How to Protect Your WhatsApp from Hackers and Scammers – 8 Key Settings and Best Practices
How to Tips and Tricks

How to Protect Your WhatsApp from Hackers and Scammers – 8 Key Settings and Best Practices

April 03, 2025

8 min read

FOLLOW US ON SOCIAL MEDIA

You might also like

Cybersecurity Grand Prix: VPNs and a 1-2 Race Finish
Cybersecurity Grand Prix

Cybersecurity Grand Prix: VPNs and a 1-2 Race Finish
Bitdefender
Bitdefender

December 11, 2024

3 min read
Holiday Shopping and the Dark Market Parallel
Tips and Tricks

Holiday Shopping and the Dark Market Parallel
Bitdefender
Bitdefender

December 04, 2024

4 min read
Track Guide to Las Vegas: Cybersecurity Edition
Cybersecurity Grand Prix

Track Guide to Las Vegas: Cybersecurity Edition
Bitdefender
Bitdefender

November 19, 2024

3 min read

Bookmarks

loader