What has happened?
The security advisory was released after the company started receiving reports from its users, last year, concerning two unknown processes (dovecat and dedpma). Both processes were consuming the device's memory and running non-stop to mine cryptocurrency, later identified as Dovecat.
The malware can infect Linux systems. However, it has been specifically created to target the internal structure of QNAP NAS devices. It propagates via targeting weak passwords.
The malware uses the dovecat process name for a certain reason. It tries to pass the security as Dovecot, a valid email daemon that comes along with the QNAP firmware and several Linux distros.
In addition, the same malware was reported to be targeting users of Synology NAS devices, where it managed to run without any problems.
The malware campaign was ongoing for at least three months and many NAS devices were infected and left unusable due to the Bitcoin miner using almost all CPU and memory resources.
Recently, a malware named VPNFilter had infected hundreds of networks, including QNAP, TP-Link, and Ubiquiti.
Last month, QNAP security team released updates to fix various critical vulnerabilities in NAS devices.
For the last two months, QNAP devices are under constant attack from ransomware that exploit u ..