The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the UK’s National Cyber Security Centre (NCSC) have issued an alert about the QSnatch malware that affects QNAP NAS devices. A network-attached storage (NAS) device is connected to a residential or commercial network and provides a centralized data storage location for network users. Normally, a NAS is configured to allow connections only from internal computers on a private network, but it can be made accessible over the Internet. In some cases, companies or individuals inadvertently allow connections from the Internet to their NAS, which can lead to a compromise.

QSnatch is malware that was most active from early 2014 to late 2019 and has resurged recently. There are still around 62,000 QNAP devices that are vulnerable and easily discoverable over the Internet. QSnatch can steal user credentials, install a web shell to provide remote access, inject malicious code retrieved from its Command and Control (C2) server, steal files, and install a fake device admin login page to phish for credentials. Once a device is infected, QSnatch will block all incoming software updates to prevent any malware removers from running.