A new piece of malware dubbed QSnatch is infecting thousands of NAS devices manufactured by the Taiwanese vendor QNAP.
The name comes after the target vendor and the “snatching” activity the malware performs.
According to the German Computer Emergency Response Team (CERT-Bund), over 7,000 devices have been infected in Germany alone.
A couple of weeks ago, the experts at the National Cyber Security Centre of Finland (NCSC-FI), published a report on the QSnatch malware. The experts were alerted about the malware in October and immediately launched an investigation.
“NCSC-FI received reports via the Autoreporter service during mid October of infected devices attempting to communicate
At the time the infection vector
The sample analyzed by the expert was able to perform the following actions:
The modular structure of the malware could allow QSnatch operators to perform a broad range of malicious activities by deploying the necessary modules.
Experts at NCSC-FI suggests to perform a full factory reset of the NAS device to clean the infected devices, another unconfirmed method is to apply an update provided by the vendor.
Once cleaned the device, experts suggest the following actions:
In the past months, other malware targeted NAS devices, in July researchers at two security firms Intezer and Anomali discovered a new piece of ransomware targeting QNAP NAS devices. The ransomware, tracked by Intezer as “QNAPCrypt” and “eCh0raix” by Anomali, is written in the Go programming language and uses AES encryption to encrypt files.
In February, users of the QNAP NAS devices reported a
One of the first attacks against QNAP is dated back 2014, at the time security experts at