Upgrade Your QNAP NAS Now to Block QSnatch Malware

I’m going to go ahead and pat myself on the back for setting up a Google Alert for the words “Qnap” and “malware.” Like many others, I use one of the company’s NAS boxes, and now I can protect my device from the nasty new malware that is gaining traction.

The malware, known as QSnatch, injects code into the firmware of your QNAP NAS device, which can then call the command and control (C2) server to dump additional code onto your device. Ultimately, according to the Finnish National Cybersecurity Center, QSnatch can do the following:

  • Modify scheduled jobs and operating system scripts (cronjob, init scripts)
  • Prevent firmware updates by completely overwriting update sources
  • Prevent the QNAP MalwareRemover application from launching
  • Retrieve all usernames and passwords associated with the device and send them to the C2 server
  • Download new functionality from C2 servers for further work, thanks to its modular design
  • Call home to the C2 servers at scheduled intervals

In other words, your NAS box is mostly hosed.

How can this be prevented? Start your NAS server, log into the web interface (which you can do in easy mode by installing Qfinder Pro) and update your device’s firmware. You will most likely be prompted to do so as soon as you log in if an update is available. If not, you can check for updates on the settings screen of your NAS.

I would click on it to make sure you are using the latest QNAP firmware for your device. However, your NAS box may be as old as mine and not have this update. Ugh. In this case, you can try a few more steps.

First, make sure you are using the latest version of QNAP’s Security Counselor, if applicable. Open the Application Center of your NAS box. If Security Counselor is installed, you can update it; otherwise, you should be able to find and install it. Either way, open the latest version of the app and run a full scan of your system.

Your old NAS box may not be able to start Security Counselor. If so, let’s continue. You should also be able to install and run the Malware Remover application from the Security section of the QNAP Application Center. At the very least, this is a great way to remove QSnatch from your NAS server (even though no one yet knows how it infects NAS devices in the first place). Make sure you are using version “3.5.4.0” or “4.5.4.0” of the application, QNAP advises, to ensure that it can detect and repair QSnatch.

QNAP also recommends that you enable “IP and account access protection”, disable SSH and Telnet if you are not using these connections, and do not use the default port numbers on your NAS. These are all settings you can easily change with QNAP’s helpful instructions.
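To confirm from another machine on your LAN that those changes took effect, here is a small port check, added as an example and not taken from QNAP or the original article. The port list is an assumption (standard SSH and Telnet ports plus values assumed to be QNAP defaults); compare it with the settings screens on your own NAS.

```python
import socket
import sys

# Assumed defaults, not taken from the article: confirm the real values
# on your NAS settings screens before relying on this list.
ASSUMED_DEFAULT_PORTS = {
    22: "SSH (disable if unused)",
    23: "Telnet, standard port (disable if unused)",
    13131: "Telnet, assumed QNAP default (disable if unused)",
    8080: "web admin over HTTP, assumed default (change the port)",
    443: "web admin over HTTPS, assumed default (change the port)",
}


def tcp_open(host, port, timeout=1.5):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable
        return False


def audit(host, ports=ASSUMED_DEFAULT_PORTS, probe=tcp_open):
    """Return [(port, label)] for every listed port still accepting connections."""
    return [(p, label) for p, label in sorted(ports.items()) if probe(host, p)]


def main(argv):
    if len(argv) != 2:
        print("usage: nas_port_audit.py <nas-ip-on-your-lan>")
        return 2
    findings = audit(argv[1])
    for port, label in findings:
        print(f"OPEN  {port:>5}  {label}")
    if not findings:
        print("None of the listed ports accepted a connection.")
    # Non-zero exit when something is still exposed, so it can run from a scheduled check.
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against the NAS address before and after changing the settings; a port that still shows as OPEN afterwards means the change was not applied or another service is using that port.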

Otherwise, if none of these solutions help – and you find your system is infected – a hard reset should remove the malware. Remember to back up your data elsewhere before erasing everything.
