Cryptojackers Target QNAP's NAS Products Once Again

(Image credit: Shutterstock)

QNAP today released a security advisory to say that all of its NAS products are being targeted by attackers installing cryptocurrency-mining malware on the devices.

"Once a NAS is infected," QNAP said, "CPU usage becomes unusually high where a process named '[oom_reaper]' could occupy around 50% of the total CPU usage."

NAS devices aren't equipped with the mightiest components—even QNAP's flagship products feature entry-level Intel Celeron processors—so losing half of the device's power to crypto-mining malware could lead to a noticeable loss in performance.

QNAP didn't offer additional details about how the malware is spreading, when it first appeared, or how many of its NAS products have been compromised to date.

The company did say that "if you suspect your NAS has been infected with the bitcoin miner, restarting the NAS may also remove the malware," however.

In the meantime, QNAP said its devices could be protected by taking these actions:

  1. Update QTS or QuTS hero to the latest version.
  2. Install and update Malware Remover to the latest version.
  3. Use stronger passwords for your administrator and other user accounts.
  4. Update all installed applications to their latest versions.
  5. Do not expose your NAS to the internet, or avoid using default system port numbers 443 and 8080.

Additional information about how to take each of those steps is available via the security advisory.

The Record reported that [oom_reaper] is far from the first malware to target QNAP's products. Numerous ransomware strains (Muhstik, Qlocker, eCh0raix, and AgeLocker) and other cryptojackers have also been used to infect the NAS devices.

Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

  • jeremyj_83
    QNAP flagship products have much better CPUs than Intel Celerons. We have one where I work that has a Ryzen 1700. Newer ones I've seen have Ryzen 3700X, Epyc 7302p, Xeon E 2236, etc...
  • daeros
    I’m not here to bat for QNAP, but their flagship devices have much better than a Celeron. I just deployed a pair of TS-H2490FU SANs, and they have AMD Epyc 7302 processors and 256GB of RAM each. They also have some with dual active controllers with i7 and their Xeon equivalents.
  • kal326
    QNAP: Let’s all these mostly useless cloud integration apps and services to our decides to try to spin it as value added.

    Also QNAP: Don’t expose your NAS to the internet if all possible. How if you do, don’t do it in the was that our click out of the box setup tells you too.

    I had one unit getting pounded by failed default administrative account login attempts years ago with just their cloud link enabled which evidently was enough to expose the public endpoint to the world to try to brute force. Luckily that account was disabled and replaced with a none standard. Seems they have been getting hacked left and right though.
  • punkncat
    Synology faces the same issues.

    The control panel for the NAS will throw a message every now and again to tell you the password you are using may have been compromised. On its own it seems sort of a built in, time related thing, but in conjunction with the MS and Apple programs that search for breeched passwords is immediate cause to do so.