article featured image


Yesterday, QNAP (Quality Network Appliance Provider), the provider of solutions in fields like hardware design, in-house manufacturing, or software development having its focus on video innovation, storage, and networking, published a security alert on their website informing about a new cryptocurrency mining malware that has started to target its devices.  Customers are required to implement straight off some preventive measures.

A bitcoin miner has been reported to target QNAP NAS. Once a NAS is infected, CPU usage becomes unusually high where a process named “[oom_reaper]” could occupy around 50% of the total CPU usage. This process mimics a normal, legitimate kernel process with the same name. However, while the legitimate kernel process PID is usually below 1000, the bitcoin miner PID is usually greater than 1000.


The company wrote that a current investigation is ongoing on this topic, however, data related to the initial vector access vector has not been provided.

Mitigation Measures Recommended by QNAP

Following this news, QNAP made also some recommendations for its clients on how to keep their devices protected:

  • The QTS or QuTS hero should be updated to the most recent version;
  • Malware Remover should be also installed and updated to the most recent version;
  • Administrator and user accounts should be safeguarded with powerful passwords;
  • All the installed apps should be updated to the latest version;
  • Default system port numbers 443 and 8080 should not be used and also should be avoided the exposure of NAS to the internet;
  • Another malware mitigation measure would be that users may also restart their NAS devices if they suspect that the cryptocurrency mining malware compromised their devices.

Details on how to implement all the recommended prevention and mitigation measures are also shared in the same alert.

For any other issues or questions, the company could also be contacted at the QNAP Helpdesk.

QNAP Devices Targeted In the Past Too by Other Malware

We also wrote in March about a cryptocurrency mining campaign featuring the UnityMiner that was targeting at that time unpatched QNAP NAS devices. The mining program exploiting QNAP vulnerabilities dubbed Unity Miner was discovered by 360 Netlab researchers and it was targeting two QNA vulnerabilities classified CVE-2020-2506 and CVE-2020-2507.

Before these revealed attacks, however, NAS had been already targeted for some months by other infections related to eChOraix Ransomware, Muhstik Ransomware, or QSnatch malware.

Did you enjoy this article? Follow us on LinkedInTwitterFacebookYoutube, or Instagram to keep up to date with everything we post!

Author Profile

Andra Andrioaie

Security Enthusiast

linkedin icon

Hi! My name is Andra and I am a passionate writer interested in a variety of topics. I am curious about the cybersecurity world and what I want to achieve through what I write is to keep you curious too!