QSnatching Your Candy
The nastiest trick one can encounter on Halloween would involve having their NAS infected with malware. Sergiu Gatlan at BleepingComputer has posted some information on a new malware strain that is targeting… wait for it… QNAP NAS devices. While the root cause of exploitation hasn’t been pinned down at the time of this writing, we have our theories related to which default app or service may be used in such efforts. Out of an abundance of caution, we’d recommend heeding the advice provided by NCSC-FI with respect to disconnecting these devices from the Internet. If you have myQNAPCloud enabled or various NAS services exposed externally, temporarily disabling those services and removing the permissive firewall rules that expose them should provide sufficient mitigation until the root cause can be identified. Hopefully, those who have been infected have a solid backup strategy in order to restore their data in the event that a full wipe of the NAS is required.