Don’t Get QSnatched!

September 9, 2020

By Anton Kiorolgo

QNAP devices are at risk! No, this isn’t a dramatic headline; it’s the truth. The company’s network-attached storage (NAS) solutions are at risk of falling victim to the QSnatch malware.

Official estimates predict that 7,600 infected devices are in the US, and around 3,900 in the UK. That’s a whole lot of expansion since late 2019, when the malware was discovered. It has grown to possess more than 7,000 bots.

The agencies involved in researching the malware estimate that the first wave likely launched in 2014 and continued until mid-2017. The second wave likely launched in 2018 and continued into 2019.

Why QSnatch is So Dangerous:

CISA and the NCSC have noted that there are two versions of the QSnatch malware (also tracked under the name Derek).

QSnatch has some new features, as noted by researchers. The unfortunate fact is that these features make the malware that much more dangerous.

CGI Password Logger/Credential Scraper – This installer downloads and enables a fake version of the device’s admin login page, uses it to collect the real admin credentials, then uses them on the actual device admin login page.

SSH Backdoor – Through this malware, the intruder can run any code they’d like.

Exfiltration – When run, QSnatch steals a predetermined list of files, which includes system configurations and log files. These files are then handed over to the attacker to do what they may – and trust us, you don’t want to find out what they’re capable of.

The short version (be warned, it’s scary): experts aren’t yet sure how the malware is propagating itself.
