Taiwanese vendor QNAP has published a security advisory to warn customers of a new piece of malware named Dovecat that is targeting NAS devices. The malware was designed to abuse NAS resources and mine cryptocurrency.
The malware targets QNAP NAS devices exposed online that use weak passwords.
“QNAP Systems, Inc. (QNAP), a leading computing, networking and storage solution innovator, today issued a statement in response to recent user reports that a new type of malware named dovecat is targeting QNAP NAS and installing bitcoin miners without user consent.” reads the security advisory published by the vendor.
“According to analysis, QNAP NAS can become infected when they are connected to the Internet with weak user passwords.”
Since the end of 2020, several users reported infections (, ) to their devices, they noticed the presence of the “dedpma” and “dovecat” processes that were causing a high processor load and saturating the RAM of the NAS.
In November, the vendor published a post warning its customers that NAS devices with dovecat and dedpma running processes were infected by Bitcoin cryptocurrency miner.
“If such processes are running on recent FW (4.4.x), it means the system has been compromised and is running a Bitcoin miner.” states the post published by QNAP.
“In the meantime, please update the NAS firmware and Malware Remover in the App Center to the latest version if not done already to ensure the latest security patches are applied on the NAS.”
According to the experts, the same Bitcoin malware also infected Synology NAS devices.
QNAP recommends users to take the following measures to prevent these infections:
In December, QNAP released security updates to fix eight vulnerabilities that could be exploited by attackers to over unpatched NAS devices.
In September, while the AgeLocker ransomware was continuing to target QNAP NAS systems, the Taiwanese vendor urged customers to update the firmware and apps.
In June the company also warned of eCh0raix ransomware attacks that targeted its NAS devices.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
(SecurityAffairs – hacking, QNAP)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.