Recently, German and Finnish information security experts discovered a new malware infecting QNAP NAS devices. QNAP representatives have now explained how to deal with QSnatch.
QSnatch has already infected more than 7,000 devices in Germany alone. Having gained access to a device, the malware modifies the firmware to guarantee a constant presence. QSnatch is also capable of:
- making changes to scheduled tasks and scripts (cronjob, init);
- preventing firmware updates by rewriting the URLs of the update source;
- prohibiting the launch of the QNAP MalwareRemover security application;
- retrieving and stealing usernames and passwords of all NAS users.
It is still unclear whether the malware was developed for DDoS attacks or hidden cryptocurrency mining, or whether it is just a backdoor for QNAP devices designed to steal confidential files or host future malware.
“So far, QSnatch operators are just setting up their botnet and can deploy additional modules in the future,” the Finnish National Cybersecurity Center (NCSC-FI) reports.
Experts confirm that QSnatch is able to connect to a remote management server, and download and run additional components from there.
QNAP representatives have now published an official security bulletin on this issue. Users are encouraged to install the latest version of Malware Remover as soon as possible by downloading it from the QTS App Center or from the company’s website.
With the updates to Malware Remover 3.5.4.0 and 4.5.4.0, the tool can now remove QSnatch from infected devices and successfully resist the malware.
“Users are urged to install the latest version of the Malware Remover app from QTS App Center or by manual downloading from the QNAP website. QNAP also recommends a series of actions for QNAP NAS security enhancements. Furthermore, QNAP clarifies that it has never recommended a reinitialization to purge the malware from QNAP NAS,” says the QNAP bulletin.
As usual, users are also advised to practice good “digital hygiene”.
To avoid attacks, QNAP strongly recommends following the steps below:
- Update QTS to the latest version.
- Install and update Security Counselor to the latest version.
- Install and update Malware Remover to the latest version.
- Use a stronger admin password.
- Enable IP and account access protection to prevent brute force attacks.
- Disable SSH and Telnet connections if you are not using these services.
- Avoid using default port numbers 443 and 8080.
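
One way to check a Linux-based device against the SSH/Telnet and default-port items in the list above, as an added example that is not from QNAP or the original article: it parses a table in `/proc/net/tcp` layout and reports listeners on ports 22, 23, 443 and 8080. The sample table is constructed, the function names are hypothetical, and a little-endian host is assumed.

```python
import ipaddress
import struct

# Services and ports named in the checklist above.
FLAGGED = {22: "SSH enabled", 23: "Telnet enabled",
           443: "default port 443 in use", 8080: "default port 8080 in use"}
LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not from a real device).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1
   3: 0A00A8C0:01BB 0500A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 1004 1
   4: 00000000:22B8 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1005 1
"""


def decode_ipv4(hex_addr):
    # Assumption: little-endian host, so the hex word is byte-reversed.
    return ipaddress.IPv4Address(struct.pack("<I", int(hex_addr, 16)))


def listening_sockets(table):
    """Return (address, port) for every socket in LISTEN state."""
    sockets = []
    for line in table.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue  # established or closing connections are not listeners
        addr_hex, port_hex = fields[1].split(":")
        sockets.append((decode_ipv4(addr_hex), int(port_hex, 16)))
    return sockets


def audit(table):
    """Return sorted (port, address, finding, reachable_from_network) tuples."""
    findings = []
    for addr, port in listening_sockets(table):
        if port in FLAGGED:
            # A loopback-only listener is enabled but not exposed to the network.
            findings.append((port, str(addr), FLAGGED[port], not addr.is_loopback))
    return sorted(findings)


if __name__ == "__main__":
    for port, addr, finding, reachable in audit(SAMPLE):
        print(f"{addr}:{port}  {finding}  network-reachable={reachable}")
```

To audit a live system, pass the contents of `/proc/net/tcp` to `audit()`; IPv6 listeners in `/proc/net/tcp6` use a different address encoding and are not covered here.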