Cryptojackers Target QNAP’s NAS Products Once Again
QNAP today released a security advisory to say that all of its NAS products are being targeted by attackers installing cryptocurrency-mining malware on the devices.
“Once a NAS is infected,” QNAP said, “CPU usage becomes unusually high where a process named ‘[oom_reaper]’ could occupy around 50% of the total CPU usage.”
NAS devices aren’t equipped with the mightiest components—even QNAP’s flagship products feature entry-level Intel Celeron processors—so losing half of the device’s power to crypto-mining malware could lead to a noticeable loss in performance.
QNAP didn’t offer additional details about how the malware is spreading, when it first appeared, or how many of its NAS products have been compromised to date.
The company did say that “if you suspect your NAS has been infected with the bitcoin miner, restarting the NAS may also remove the malware,” however.
In the meantime, QNAP said its devices could be protected by taking these actions:
- Update QTS or QuTS hero to the latest version.
- Install and update Malware Remover to the latest version.
- Use stronger passwords for your administrator and other user accounts.
- Update all installed applications to their latest versions.
- Do not expose your NAS to the internet, or avoid using default system port numbers 443 and 8080.
Additional information about how to take each of those steps is available via the security advisory.
The Record reported that [oom_reaper] is far from the first malware to target QNAP’s products. Numerous ransomware strains (Muhstik, Qlocker, eCh0raix, and AgeLocker) and other cryptojackers have also been used to infect the NAS devices.