For about three months there have been several reports of excessive resource consumption of QNAP NAS. As the same company confirmed in November, the problem is due to the cryptominer Dovecat. QNAP has now published a security advisory to inform users of the steps to follow to reduce the risk of infection.
QNAP has provided ten tips to reduce the risk of infection:
Update QTS to the latest version Install the latest version of Malware Remover Install Security Counselor and run it with intermediate security policy Install a firewall Enable Network Access Protection (NAP) to protect accounts from brute force attacks Use strong passwords for administrators Use strong passwords for database administrators Disable SSH and Telnet services, if not used Deactivate unused apps and services Avoid using the default ports (80, 443, 8080 and 8081) These are however preventive actions. QNAP has promised the arrival of a tool for removing Dovecat from already infected NAS.
Source: QNAP
QNAP: Actions to protect the NAS
In late October, an engineer from Canonical had analyzed the malware discovered in one version of Ubuntu. Dovecat is a Bitcoin miner that can infect Linux systems, hence also the QTS operating system of QNAP NAS. Malware can enter the NAS connected to the Internet if the user chooses too weak passwords. Its presence is immediately noticeable because the consumption of RAM and CPU grows excessively.QNAP has provided ten tips to reduce the risk of infection:
Update QTS to the latest version Install the latest version of Malware Remover Install Security Counselor and run it with intermediate security policy Install a firewall Enable Network Access Protection (NAP) to protect accounts from brute force attacks Use strong passwords for administrators Use strong passwords for database administrators Disable SSH and Telnet services, if not used Deactivate unused apps and services Avoid using the default ports (80, 443, 8080 and 8081) These are however preventive actions. QNAP has promised the arrival of a tool for removing Dovecat from already infected NAS.
Source: QNAP