Community-attached storage (NAS) equipment maker QNAP on Tuesday launched a brand new advisory warning of a cryptocurrency mining malware concentrating on its units, urging prospects to take preventive steps with rapid impact.
“A bitcoin miner has been reported to focus on QNAP NAS. As soon as a NAS is contaminated, CPU utilization turns into unusually excessive the place a course of named ‘[oom_reaper]’ might occupy round 50% of the entire CPU utilization,” the Taiwanese firm said in an alert. “This course of mimics a kernel course of however its [process identifier] is normally higher than 1000.”
QNAP mentioned it is at the moment investigating the infections, however didn’t share extra data on the preliminary entry vector that is getting used to compromise the NAS units. Affected customers can take away the malware by restarting the home equipment.
Within the interim, the corporate is recommending that customers replace their QTS (and QuTS Hero) working programs to the most recent model, implement robust passwords for administrator and different consumer accounts, and chorus from exposing the NAS units to the web.
QNAP NAS units have lengthy been a profitable goal for numerous malicious campaigns in recent times.
In July 2020, cybersecurity businesses within the U.S. and U.Okay. issued a joint bulletin a few menace that contaminated the NAS units with a data-stealing malware dubbed QSnatch (or Derek). In December 2020, the machine maker warned of two high-severity cross-site scripting flaws (CVE-2020-2495 and CVE-2020-2496) that enabled distant adversaries to take over the units.
Then in March 2021, Qihoo 360’s Community Safety Analysis Lab disclosed a cryptocurrency marketing campaign that exploited two safety flaws within the firmware — CVE-2020-2506 and CVE-2020-2507 — to achieve root privileges and deploy a miner known as UnityMiner on compromised units. And as of April this yr, QNAP NAS units have additionally been the goal of eCh0raix and Qlocker ransomware assaults.
