In a malware attack that came into light recently, unpatched network-attached storage (NAS) devices were attacked by malware called UnityMiner and used to mine cryptocurrency. The threat actors in this case attempted to take over the device and install a crypto miner malware named UnityMiner to attain their purpose. This happened as a result of the exploitation of RCE vulnerabilities already patched by QNAP last October.
The malware attack used for crypto mining has been named UnityMiner by the Qihoo 360’s Network Security Research Lab (360 Netlab) researchers.
QNAP was informed about the crypto mining campaign on the 3rd of March, a day after their discovery. The attackers hid the mining process along with the CPU memory resource usage information effectively while customizing the program. This saved them from the QNAP users’ eyes if they checked the system via the WEB management interface.
UnityMiner Malware Affected devices:
All the devices that hadn’t been patched since August 2020 were found vulnerable to the UnityMiner malware. In the malware attack, nearly 4,297,426 NAS devices were found vulnerable by the researchers, all of which used QNAP’s 360 Quake Cyberspace mapping system. QNAP has advised the users to install applicable updates at the earliest. The company has also sent individual emails to the users besides the software updates and the security advisories.
QNAP previously targeted by UnityMiner
This isn’t the first instance when the QNAP devices were targeted by malicious actors on the internet. In a similar incidence, earlier this year, QNAP users were informed of a series of attacks by the company in January. The attacks infected and exploited the QNAP NAS devices in order to mine bitcoin without the users’ knowledge.
Besides this, in September of 2020, a wave of Agelocker ransomware attacks exposed NAS devices publicly as informed by the company. Further back, in the year 2019, an eCh0raix Ransomware (aka QNAPCrypt) campaign targeted NAS devices having outdated QTS firmware and weak passwords in August, while the customers were warned of the QSnatch malware attack and Muhstik ransomware in September and October.
QNAP has advised all its users to install relevant updates on their devices. Another factor to notice here is that even though the patch for these vulnerabilities has been available for more than 6 months but the devices hadn’t been updated for long, leading to the said exploitation of the vulnerabilities.