62,000 QNAP NAS devices infected with persistent QSnatch malware
The US CISA and UK NCSC have warned that roughly 62,000 QNAP Network Attached Storage devices are infected with malware. The compromised devices are located across the globe and allow unknown cyber actors to access stored information. The malware variant has been named QSnatch and targets QTS, the Linux-based OS powering the devices.
The malware can steal credentials, create an SSH backdoor and a web shell, exfiltrate files, and prevent users from installing updates. Variants of the QSnatch malware have been around since at least 2019, as the two agencies have identified campaigns aimed at spreading it. Experts report that the malware appears to be injected into the device firmware during the infection stage, after which the malicious code runs within the device to compromise it.