US UK Cybersecurity Agencies Warn Of QSnatch Malware Actively Exploiting QNAP Devices

Using QNAP devices, or maybe your WFH users might be using one? Get the message out to back up, reset, and update. Now…:

In a joint alert from the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) have warned of active QSnatch malware attacks. Briefly, they presented their findings regarding a new strain of QSnatch malware. While the malware vector remains unknown, the firms believe that it attacks a vulnerable device as the malicious code runs with it. The malware affects the device firmware whilst allowing the attacker to connect with the C&C by using a domain generation algorithm (DGA). It keeps generating different domain names to communicate with the C&C. QSnatch exhibits numerous malicious functionalities including a CGI password logger to steal credentials, credential scraper, SSH backdoor to execute codes, and webshell for remote access. Also, it bears data exfiltration capability to steal information about predefined files including system configuration and log files. Following a successful attack, the malware persists on the device giving permanent access to the attacker. Whereas, this persistence locks out the device admins from performing various activities, including device update. It means that even if the vendors release a fix, an infected device may never receive the patch.


Original article here