Data-stealing, password-harvesting, backdoor-opening QNAP NAS malware QSnatch reaches 62,000 infections

The number of QNAP network-attached storage (NAS) boxes infected with the data-stealing QSnatch malware has reached 62,000, the US and UK governments warned today.


A joint statement from America's Cybersecurity and Infrastructure Security Agency (CISA) and Britain's National Cyber Security Centre (NCSC) said the software nasty, first spotted in October, has increased its infection count from 7,000 devices that month to tens of thousands by mid-June, 2020, with "a particularly high number of infections in North America and Europe." It is estimated 7,600 hijacked QNAP boxes were in America, and 3,900 in the UK.


The situation is particularly messy because Taiwan-based QNAP has not, to the best of our knowledge, disclosed exactly how the malware breaks into vulnerable boxes, advising simply that owners should ensure the latest firmware is installed to prevent future infection. Judging from conversations people have had with the manufacturer's support desk, it appears there was a remotely exploitable hole in the firmware, perhaps down to the operating system level, which was fixed in November.


CISA and NCSC are none the wiser. The latest firmware includes a malware scanner, we note.


Another headache is that the malware, once on a NAS box, may block the installation of future firmware updates, so folks are advised to factory reset their devices, wiping them clean, if they're still running a vulnerable version so that they can be successfully upgraded.

