Unpatched network-attached storage (NAS) devices are targeted in ongoing attacks where the attackers try to take them over and install cryptominer malware to mine for cryptocurrency.
The threat actors exploit two pre-auth remote command execution (RCE) vulnerabilities in the Helpdesk app patched by QNAP in October 2020.
Cryptomining malware discovered on NAS devices compromised during this campaign was named UnityMiner by researchers at Qihoo 360’s Network Security Research Lab (360 Netlab).
Read more…
Source: Bleeping Computer