Top-selling network attached storage devices (NAS) made by QNAP Systems are being singled out by attackers, who have crafted malware specifically designed for the vendor’s hardware. Researchers at the Finland’s National Cyber Security Centre (NCSC-FI) reported the targeted attacks late last month, dubbing the malware QSnatch.
Once infected, hackers can access the NAS devices and retrieve all related usernames and passwords, sending them to a command-and-control (C2) server, said NCSC-FI.
“The malware has modular capacity to load new features from the C2 servers for further activities,” wrote researchers. “Firmware updates are prevented via overwriting update sources completely… [A] QNAP MalwareRemover App is prevented from being run… [And] firmware updates are prevented via overwriting update sources completely.”