Network-Attached Storage (NAS) Devices Infected by Bitcoin-Mining Malware

A Taiwanese hardware company has warned its clients about a targeted crypto mining attack against their storage devices. The malware infects NAS devices connected to the internet by installing a crypto-miner named Dovecat.

Threat Actors Install Malware That Illicitly Mines Bitcoin

According to the advisory revealed by Bleeping Computer, the malware mines bitcoin (BTC) on NAS devices without alerting its operators. The company elaborates on the findings:

QNAP NAS can become infected when they are connected to the Internet with weak user passwords.

The malware campaign launched by unknown threat actors has been surfacing over the last three months. Some customers report that the bitcoin miner uses all the CPU and memory resources of the device, rendering it almost unusable. Per a knowledge base article, Qnap says that unless the Dovecat process encounters a recent firmware (4.4.x), the system could have been compromised by the miner. The company recommends updating all NAS devices to the latest software, installing the company’s malware detection applications, and using stronger passwords. Several users have been testing the solutions provided by Qnap, claiming success when applying them. Qnap is a well-known company in the file storage industry. Their devices are apparently built with technology that can handle come crypto mining operations, making them a target for hackers. In fact, in September 2020, the Taiwanese firm warned its customers about the Agelocker ransomware campaign against their publicly exposed NAS devices.

Latest Figures on Cryptojacking Incidents

The latest statistics revealed by Symantec unveiled a growing trend in cryptojacking incidents. According to the study, the second quarter of 2020 saw a resurgence of attacks, increasing 163% compared to the previous quarter’s activity. The cybersecurity lab also confirms what most malware researchers conclude about cryptojacking: bitcoin and monero (XMR) are the two currencies most often mined during these attacks. What are your thoughts on this cryptojacking incident? Let us know in the comments section below.