QNAP has recently warned its customers of an ongoing campaign that is targeting QNAP NAS (Network Attached Storage) devices and infecting them with cryptomining malware. This particular campaign is deploying software designed to mine Bitcoin and using your computing power to generate profits for them. If you are infected, you’ll see a new process running on your system named “OOM_Reaper.”
While it’s certainly not the direst threat you can face the malware will utilize up to 50 percent of your system’s processing power while mimicking a kernel process with a PID higher than 1000.
If you find that you are already infected, here are the steps the company recommends taking to rid yourself of the malware:
- Update QTS or QuTS hero to the latest version.
- Install and update Malware Remover to the latest version.
- Use stronger passwords for your administrator and other user accounts.
- Update all installed applications to their latest versions.
- Do not expose your NAS to the internet, or avoid using default system port numbers 443 and 8080.
The company has really been struggling this year as they have been targeted by an unusual surge in attacks against them and the equipment they sell. In January QNAP urged their users to defend themselves from a nasty malware attack that rendered their NAS devices unusable after spawning rogue processes that would soak up most of the target system’s processing power. Then in March the company faced a similar cryptomining campaign which installed a miner called UnityMiner.
Before that beginning in May of 2019 and continuing intermittently until June of 2020 QNAP users faced a spate of eChoraix ransomware attacks which came to also be known as QNAPCrypt.
All that to say that if you’re a QNAP customer you’re probably already familiar with threats on the landscape. If you’re not doing so already be sure to head to the company’s website and review their FAQ page which lists current best practices relating to security.