NAS QNAP under attack, dovecat sneaks and mines cryptocurrencies. How to protect yourself
Source: HW Upgrade added 22nd Jan 2021
QNAP has alerted users of its NAS from a new threat called dovecat that uses the device’s resources to mine cryptocurrencies. Weak password-protected systems hit: here’s how to protect yourself.
by Manolo De Agostini published 22 January 2021 , at 00: 21 in Security channel
Qnap
QNAP has published a security bulletin in which it warns customers of a new danger called “dovecat” who is targeting his NAS , so exploit its resources to mine cryptocurrencies . The company claimed that the malware is currently spreading by infiltrating QNAP NAS protected by weak passwords. Taiwanese company’s notice comes after reports by its users, who since last year have noticed two unknown processes, dovecat and dedpma , which worked constantly occupying the memory and computing resources of the NAS .
Matthew Ruffell, Canonical engineer and founder of Dapper Linux, analyzed the malware after tracking it down on an Ubuntu system and found that while it can infect any Linux system, seemed to have been designed for the internal structure of QNAP’s NAS. The name “dovecat”, by the way, is a pretty clear clue, as the malware proves pretending to be dovecot, an email daemon found within the QNAP firmware and in many Linux distributions. Dovecat is not the first malware targeting QNAP systems, also the subject of the attention of ransomware Muhstik, ec0raix, AgeLocker and QSnatch malware.
How to protect yourself from dovecat
Since malware can penetrate systems with weak passwords, therefore not very elaborate, QNAP suggests the following countermeasures :
- Use password strongest administration
- Use stronger passwords for database administrators
- Disable SSH and Telnet services if not used
- Disable unused services and applications
- Avoid using default ports (80, 443, 8080 is 8081)
- Update QTS to the latest version
- Install the latest version of Malware Remover
- Install Security Counselor and start it with Intermediate Security Policy (or higher).
- Install a firewall
- Enable Network Access Protection (NAP) to protect accounts from brute force attacks
- Follow the best practice to improve NAS security
Finally, the Taiwanese company makes it known that it is engaged in the development of a tool for the removal of dovecat from devices vi already infected.
Read Also: Building a DIY NAS: How to Choose the Hardware