The nastiest trick one can encounter on Halloween would involve having their NAS infected with malware. Sergiu Gatlan at BleepingComputer has posted some information on a new malware strain that is targeting… wait for it… QNAP NAS devices. While the root cause of exploitation hasn’t been pinned down at the time of this writing, we have our theories about which default app or service may be used in such efforts. Out of an abundance of caution, we’d recommend heeding the advice provided by NCSC-FI to disconnect these devices from the Internet. If you have myQNAPCloud enabled or various NAS services exposed externally, temporarily disabling those services and removing the less restrictive firewall rules that expose them should provide sufficient mitigation until the root cause can be identified. Hopefully, those who have been infected have a solid backup strategy in place to restore their data in the event that a full wipe of the NAS is required.
We’ve completed the testing and validation of our PiHole setup process for QNAP NAS units using Container Station. Our initial plan to use the vendor-provided Docker image ran into a number of issues, which have been well captured in the QNAP forums. While the possible workarounds will enable it to run, the reliability may be somewhat suspect. Instead, using an Ubuntu 18.04 LXC base with minimal modification felt like a better fit, with consistent results. The formal documentation is available under the Reviews and Procedures section of the site. We’ll have much to discuss over the coming days and weeks.