The US Cybersecurity and Infrastructure Security Agency (CISA) and the UK’s National Cybersecurity Centre (NCSC) have issued an alert regarding the QSnatch malware that affects QNAP NAS devices, urging all device owners to apply the latest security patch from the device manufacturer. A network-attached-storage (NAS) device is a device that is connected to a network, residential or commercial, that provides a centralized data storage location for network users. QSnatch is a malware targeting a vulnerability in unpatched devices that was most active between early 2014 to late 2019, but has seen a resurgence as of late. There are still around 62,000 unpatched QNAP devices that are vulnerable to attack and are accessible over the Internet. QSnatch has the capabilities to steal user credentials, install a web shell to provide remote access, inject malicious code retrieved from its Command and Control (C2) server, steal files and install a fake device admin login page to phish for credentials. Once a device is infected, QSnatch will block all incoming software updates to prevent any malware removers from running.
Analyst Notes
For small to medium-sized businesses, having a NAS is essential so that all the important data that needs to be accessed by multiple users is stored in a secure location. All QNAP users are recommended to first perform a factory reset on their device to verify that no malicious programs are running or installed, then install the latest firmware upgrade from the QNAP website.
Source article: https://www.bleepingcomputer.com/news/security/uk-and-us-warn-qnap-owners-to-upgrade-firmware-to-block-malware/
CISA alert: https://www.ncsc.gov.uk/files/NCSC%20CISA%20Alert%20-QNAP%20NAS%20Devices.pdf
