Crypto mining malware has when again qualified Community-Connected Storage (NAS) products of common Taiwanese storage maker QNAP.
The new malware, uncovered by scientists at Qihoo 360’s Community Stability Exploration Lab (360 Netlab), is exploiting an previously-patched distant code execution (RCE) vulnerability, which allowed attackers to break into the unit and use it for destructive crypto mining duties.
“According to the vendor’s request, we are not disclosing the technological specifics of the vulnerability in order to protect QNAP NAS people, [and] we speculate that there are continue to hundreds of 1000’s of online QNAP NAS products with the vulnerability,” 360 Netlab observed in its report.
Unpatched targets
The scientists very first found reviews of the marketing campaign in the beginning of March, quickly realising that what they dubbed UnityMiner could perhaps infect all QNAP NAS products running firmware versions that have not been patched because August 2020.
Irrespective of a repair currently being out there for around six months, the scientists uncovered around four.2 million NAS products all around the planet that can be perhaps exploited by the malware.
Commenting on the workings of the malware, the scientists observe that “the attacker tailored the software by hiding the mining course of action and the real CPU memory source use data, so when the QNAP people test the system use by using the Net management interface, they are not able to see the irregular system behavior.”
QNAP and the scientists have recommended people to right away update the firmware on their products to thwart the attacks.
By means of: BleepingComputer