silversurfer
Thousands of QNAP NAS devices are getting infected with a malware dubbed QSnatch that injects into their firmware and proceeds to steal credentials and load malicious code retrieved from its command and control (C2) servers.
Germany's Computer Emergency Response Team (CERT-Bund) says that, based on sinkhole data, roughly 7,000 NAS devices in Germany are currently affected by QSnatch infections.
The malware strain was spotted by researchers at the National Cyber Security Centre of Finland (NCSC-FI) after receiving reports from the Autoreporter service of infected NAS devices trying to communicate with C2 servers.
Update November 01, 12:04 EDT:
QNAP says in a security advisory released today that an update for the Malware Remover app will be released as soon as possible to address the QSnatch malware threat.
QNAP also recommends taking the following measures to avoid infections:
- Update QTS to the latest version.
- Install and update Security Counselor to the latest version.
- Use a stronger admin password.
- Enable IP and account access protection to prevent brute force attacks.
- Disable SSH and Telnet connections if you are not using these services.
- Avoid using default port numbers 443 and 8080.