Qnap Security Advisory Bulletin ID: QSA-21-56

Qnap Systems, Inc. has published a security advisor concerning a bitcoin miner to target company’s NAS.

Investigating Bitcoin Miner [oom_reaper]

Release date: December 7, 2021
Security ID: QSA-21-56
Affected products: All Qnap NAS
Status: Investigating

Summary
A bitcoin miner has been reported to target Qnap NAS. Once a NAS is infected, CPU usage becomes unusually high where a process named ‘[oom_reaper]’ could occupy around 50% of the total CPU usage. This process mimics a kernel process but its PID is usually greater than 1000.

The company strongly recommend users to act immediately to protect their device.

If you have any questions regarding this issue, please contact us through the Qnap Helpdesk.

Recommendation:
To protect your device from infection, the company recommend the following actions:

Update QTS or QuTS hero to the latest version.
Install and update Malware Remover to the latest version.
Use stronger passwords for your administrator and other user accounts.
Update all installed applications to their latest versions.
Do not expose your NAS to the internet, or avoid using default system port numbers 443 and 8080.

If you suspect your NAS has been infected with the bitcoin miner, restarting the NAS may also remove the malware.

Updating QTS or QuTS hero:

Log on to QTS or QuTS hero as administrator.
Go to Control Panel > System > Firmware Update.
Under Live Update, click Check for Update.
QTS or QuTS hero downloads and installs the latest available update.

Updating Malware Remover:

Log on to QTS or QuTS hero as administrator.
Open the App Center and then click
A search box appears.
Enter ‘Malware Remover’.
Malware Remover appears in the search results.
Click Update.
A confirmation message appears.
Note: The Update button is not available if your Malware Remover is already up to date.
Click OK.
The application is updated.

Changing an administrator password:

Log on to QTS or QuTS hero as administrator.
Click the profile picture on the QTS or QuTS hero Task Bar.
The Options window opens.
Click Change Password.
Specify the old password.
Specify the new password.
Qnap recommends the following criteria to improve password strength:
- At least eight characters in length
- Include both uppercase and lowercase characters
- Include at least one number and one special character
- Must not be the same as the username or the username reversed
- Must not include characters that are consecutively repeated three or more times
Verify the new password.
Click Apply.

Changing user passwords:

Log on to QTS or QuTS hero as administrator.
Go to Control Panel > Privilege > Users.
Select a user.
Click Change Password.
The Change Password window appears.
Specify the old password.
Specify the new password.
Qnap recommends the following criteria to improve password strength:
- At least eight characters in length
- Include both uppercase and lowercase characters
- Include at least one number and one special character
- Must not be the same as the username or the username reversed
- Must not include characters that are consecutively repeated three or more times
Verify the new password.
Click Apply.
Repeat the above steps to change passwords for other users.

Updating all installed applications:

Log on to QTS or QuTS hero as administrator.
Go to App Center.
Select My Apps.
Next to Install Updates, click All.
A confirmation message appears.
Click OK.
QTS or QuTS hero updates all your installed applications to their latest versions.

Changing system port number:

Log on to QTS or QuTS hero as administrator.
Go to Control Panel > System > General Settings > System Administration.
Specify a new system port number.
Warning: Do not use 443 or 8080.
Click Apply.
QTS or QuTS hero applies the new system port number.

Revision History: V1.0 (December 7, 2021) – Published