Network-Attached Storage (NAS) Devices Infected by Bitcoin-Mining Malware
A Taiwanese hardware company has warned its clients about a targeted crypto mining attack against their storage devices. The malware infects NAS devices connected to the internet by installing a crypto-miner named Dovecat.
Threat Actors Install Malware That Illicitly Mines BitcoinAccording to the advisory revealed by Bleeping Computer, the malware mines bitcoin (BTC) on NAS devices without alerting its operators. The company elaborates on the findings:
QNAP NAS can become infected when they are connected to the Internet with weak user passwords.The malware campaign launched by unknown threat actors has been surfacing over the last three months. Some customers report that the bitcoin miner uses all the CPU and memory resources of the device, rendering it almost unusable. Per a knowledge base article, Qnap says that unless the Dovecat process encounters a recent firmware (4.4.x), the system could have been compromised by the miner. The company recommends updating all NAS devices to the latest software, installing the company’s malware detection applications, and using stronger passwords. Several users have been testing the solutions provided by Qnap, claiming success when applying them. Qnap is a well-known company in the file storage industry. Their devices are apparently built with technology that can handle come crypto mining operations, making them a target for hackers. In fact, in September 2020, the Taiwanese firm warned its customers about the Agelocker ransomware campaign against their publicly exposed NAS devices.