Categories: Computer SecurityMalware

CISA Warns that More than 62,000 QNAP NAS Devices Affected with QSnatch Malware

CISA and NCSC warn that more than 62,000 QNAP NAS devices infected with a malware strain known as QSnatch. All QNAP NAS devices are affected if the latest security fixes are not applied.

The campaign found to be active since late 2019, and they primarily target Network Attached Storage (NAS) devices manufactured by the firm QNAP.

QSnatch Malware Campaign

CISA and NCSC discovered that two campaigns of QSnatch malware activity;

  1. The first campaign began in early 2014 and continued until mid-2017
  2. The second campaign starts in late 2018 and was still active in late 2019.

“This alert focuses on the second campaign as it is the most recent threat. It is important to note that infrastructure used by the malicious cyber actors in both campaigns is not currently active, but the threat remains to unpatched devices.,” CISA said.

The malware is highly sophisticated, and its infection vector has not been identified. It appears the malware directly gets inject to the device firmware during the infection stage and the malicious code runs within the device compromising it.

Following are the malware functionalities

  • CGI password logger
  • Credential scraper
  • SSH backdoor
  • Exfiltration
  • Webshell functionality for remote access

C2 communication established using a domain generation algorithm (DGA) that generates multiple domain names for use in C2 communications.

For maintaining persistence the malware prevents installing updates with the infected QNAP device by modifying the host’s file.

According to CISA analysis, “in mid-June 2020, there were approximately 62,000 infected devices worldwide; of these, approximately 7,600 were in the United States and 3,900 were in the United Kingdom.”

CISA and NCSC recommend organizations running a vulnerable version must run a full factory reset on the device before completing the firmware upgrade to ensure the device is not left vulnerable. Also, CISA provides mitigations for organizations.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Also Read

Hackers Infect More than 500,000 Routers Worldwide with a Potentially Destructive VPNFilter Malware

New eCh0raix Ransomware Attacking Linux File Storage Servers

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Leave a Comment
Share
Published by
Gurubaran
Tags: computer securityQNAP
5 years ago

Recent Posts

Google’s SafetyCore App Secretly Scans All Photos on Android Devices

Recent revelations about Google’s SafetyCore app have ignited a firestorm of privacy debates, echoing Apple’s…

52 minutes ago

New “nRootTag” Attack Turns 1.5 Billion iPhones into Free Tracking Tools

Security researchers have uncovered a novel Bluetooth tracking vulnerability in Apple’s Find My network –…

2 hours ago

Authorities Arrested Hacker Behind 90 Major Data Breaches Worldwide

Cybersecurity firm Group-IB, alongside the Royal Thai Police and Singapore Police Force, announced the arrest…

3 hours ago

Cisco Nexus Vulnerability Allows Attackers to Inject Malicious Commands

Cisco Systems has issued a critical security advisory for a newly disclosed command injection vulnerability…

6 hours ago

New Wi-Fi Jamming Attack Can Disable Specific Devices

A newly discovered Wi-Fi jamming technique enables attackers to selectively disconnect individual devices from networks…

6 hours ago

GitLab Vulnerabilities Allow Attackers to Bypass Security and Run Arbitrary Scripts

GitLab has urgently released security updates to address multiple high-severity vulnerabilities in its platform that…

8 hours ago