QNAP Warns Users to Secure Devices Against QSnatch Malware

LASER_oneXM

Network-attached storage (NAS) maker QNAP urges customers to secure their NAS devices against an ongoing malicious campaign that infects them with QSnatch malware capable of stealing user credentials.
QNAP advises users to install the latest version of the Malware Remover app for the QTS operating system running on the company's NAS devices as soon as possible.
Malware Remover versions 3.5.4.0 and 4.5.4.0 are now capable of removing QSnatch after the company updated it with new rules on November 1.
"Users are urged to install the latest version of the Malware Remover app from QTS App Center or by manual downloading from the QNAP website," says QNAP.
"Users are advised to take actions listed in the security advisory or, alternatively, contact QNAP for technical assistance. Instructions for creating a support request can be found here."
 

codswollip

Reading through the QNAP forum, this is quite vexing...
  • QNAP official communication is lacking
  • The vector is unknown
  • There is no clear means to determine if a machine has been compromised
  • QNAP anti-malware tool has been taken offline frequently (presumably for fixes)
  • Anti-malware tool "cleaning" does not prevent reinfection
  • Machine reset does not prevent reinfection

Users are at a loss to resolve the issue at this time. Taking the unit offline and waiting for a patch/fix seems to be the best path.
 

notabot

> Reading through the QNAP forum, this is quite vexing...
>   • QNAP official communication is lacking
>   • The vector is unknown
>   • There is no clear means to determine if a machine has been compromised
>   • QNAP anti-malware tool has been taken offline frequently (presumably for fixes)
>   • Anti-malware tool "cleaning" does not prevent reinfection
>   • Machine reset does not prevent reinfection
>
> Users are at a loss to resolve the issue at this time. Taking the unit offline and waiting for a patch/fix seems to be the best path.

A QNAP is on my shortlist for a media server. A successful malware campaign is not enough to take it off the list, but I wanted to ask about something that would be a no-go for me: has it been ruled out that the malware was delivered via compromised official QNAP channels (update mechanisms, their cloud, approved apps at their store, etc.)?
I don't plan to use torrents or have any internet-facing ports open, so if it's not an official channel that spread this, it's OK for me. On the other hand, if I cannot trust the vendor, then I'll stay away.
 

codswollip

> Has the delivery mechanism for this been found, or not yet?

QNAP has apparently worked out a solution that involves remoting in and making changes to user's NAS. No one user-side knows quite what is affected, though there is evidence uncovered by users suggesting that a QNAP utility script was somehow compromised and was the conduit for infection. There is no expectation that QNAP will reveal the vector/mechanism.
 

notabot

> QNAP has apparently worked out a solution that involves remoting in and making changes to user's NAS. No one user-side knows quite what is affected, though there is evidence uncovered by users suggesting that a QNAP utility script was somehow compromised and was the conduit for infection. There is no expectation that QNAP will reveal the vector/mechanism.

Thanks for this - if there's a good chance the vendor's own delivery channels were compromised I think I'll go for something else.
 

MacDefender

> Does FreeNAS have mobile apps to administer it, e.g. for casting? I don't want to be doing SSH logins to watch a movie :)

The bulk of the administration is done by a Web UI which works acceptably on mobile. For watching a movie you generally set up a Plex or Emby plug-in and from there on you can use their respective mobile apps to set up casting and so on.
 

notabot

> The bulk of the administration is done by a Web UI which works acceptably on mobile. For watching a movie you generally set up a Plex or Emby plug-in and from there on you can use their respective mobile apps to set up casting and so on.

If the web UI is decent on mobile, that works too. Do they have a device compatibility list? I saw they also ship it preinstalled, but this looks like a US-only sales channel to me.
 

MacDefender

> If the web UI is decent on mobile, that works too. Do they have a device compatibility list? I saw they also ship it preinstalled, but this looks like a US-only sales channel to me.

Almost any commodity Intel based machine can be used. If it runs FreeBSD it can run FreeNAS — there are plenty of build recommendations on their server.

Take some of their enterprise grade advice with a grain of salt though — they recommend using ECC RAM and a LSI SAS controller instead of built in SATA ports but in my opinion neither is strictly necessary.
The prebuilt FreeNAS Mini is a great machine but if it’s outside your budget you can build your own alternative for much less.
 

notabot

> Almost any commodity Intel based machine can be used. If it runs FreeBSD it can run FreeNAS — there are plenty of build recommendations on their server.
>
> Take some of their enterprise grade advice with a grain of salt though — they recommend using ECC RAM and a LSI SAS controller instead of built in SATA ports but in my opinion neither is strictly necessary.
> The prebuilt FreeNAS Mini is a great machine but if it’s outside your budget you can build your own alternative for much less.

Why not Synology, btw? If I recall, it runs Linux.
 

MacDefender

> Why not Synology, btw? If I recall, it runs Linux.

I don't mind it -- a lot of people seem happy with Synology. The things I like about FreeNAS are:
  • ZFS: One of the best filesystems out there for building resilient and redundant storage
  • FreeBSD and open source underpinnings: Sure some of their management tools are proprietary but at the end of the day it is a FreeBSD machine. You can rescue your data with any other FreeBSD setup, and are not at the mercy of a proprietary vendor
  • Flexible plugin system: Whether you want to use their plugins (based off FreeBSD jails), docker virtualization, or just use it as an ESXi style bare metal hypervisor replacement, FreeNAS gives you many ways to run other things on the machine

Overall it is a compelling reason to invest in a semi powerful server that can do most of your home serving tasks in one box, and it happens to also have a ton of storage too!
 
