Thousands of QNAP NAS devices have been infected with the QSnatch malware
Threat actors are targeting network-attached storage (NAS) devices produced by Taiwanese tech firm QNAP with QSnatch, a malware strain that has not been spotted before. The German Computer Emergency Response Team (CERT-Bund) has reported more than 7,000 infections so far, but the campaign is targeting devices across the world.
A preliminary analysis of the malware by the National Cyber Security Centre of Finland (NCSC-FI) shows that QSnatch is capable of stealing usernames and passwords, preventing firmware updates on infected devices and making other changes to the host operating system in order to avoid detection and gain persistence. The researchers are not sure what the main purpose of the malware is, but have suggested distributed denial-of-service (DDoS) attacks, cryptocurrency mining, or creating a backdoor for future campaigns as possible answers to this question.