Saw this on the Roon forum so I thought I’d pass it on since there’s nothing here. Apparently there is also a QNAP malware removal tool.
Thousands of QNAP NAS devices have been infected with the QSnatch malware
Saw this on the Roon forum so I thought I’d pass it on since there’s nothing here. Apparently there is also a QNAP malware removal tool.
Thousands of QNAP NAS devices have been infected with the QSnatch malware
Thanks. I no longer use my QNAP for anything important (I moved all my files to a dedicated Intel NUC running Roon ROCK), but I will take the relevant security measures just to be sure.
This is pretty old news. There have been a number of Malware threats on QNAP over the last 18 months or so. Some have come from poor security in their own apps. I stopped using their web access a while ago due to this. Keep up to date and have Malware remover running and you should be fine. Use two step authentication to.
I have a QNAP NAS with all my music on it connected to my network. I have kept the NAS software up to date. How can I prevent possible malware infection. If I disconnect it from my switch and hence off internet , I won’t be able to stream to my streamer.
Thanks for the heads up just not sure what to do
Yep old news and this type of attack is not just down to QNAPs.
Remove unwanted apps, update the ones you need, apply latest QNAP firmware and the Malware remover tool.
Also within apps disable (stop) Download Station
To disconnect QNAP from WAN a static IP will need to be applied then remove gateway entry this will still be visible on the LAN. Or if you have a decent firewall you can block QNAP WAN access.
Most recommend to turn off qnap Cloud to.
Thanks for the heads up on this.
I’ve never heard of this before and didn’t have the AntiMalware app running, but do now.
I’ve just updated everything and turned off the Downloads app, and all other apps I don’t use…
I ended up shutting my QNAP down altogether. I no longer use it for anything important anyway. My FLAC library is now on an internal SSD of the NUC that runs Roon ROCK. I stopped using UPnP when I changed to Roon.
When I had my QNAP shutting down everything non-essential for Asset also improved sound quality, so you may find an unexpected additional benefit
Same here actually. I got a Roon Nucleus. I’ve still got to get round to selling the QNAP…
I installed and ran the QNAP Malware tool for the first time last night. It said it found and removed a number of items! Who knew?!?!?!
Many months ago after discovering repeated attempts to connect to my QNAP from addresses that resolved to a Frankfurt ISP I went to Control Panel > System > Security and in the Allow/Deny list allowed connections only from addresses in my home IP range (plus the single loopback address of 127.0.0.1—which I seem to recall was required to allow Roon to run properly). Since then I have logged no unauthorised connection attempts.
Thank you, though, for those who mentioned the Malware Removal tool: now downloaded and installed as another precaution.
Stephen
Loaded and ran the malware app.when you say shut off other apps do you delete them or is there a way to shut them off?Is there a separate download app?there are many apps that are preloaded with the QNAP do I delete if not in use. I only use Asset and the backup app
Thanks
From memory (which isn’t saying much), I just stopped the apps or uninstalled them.
I got the security email from QNAP and did all the recommended remedies. I have a question about the last one though. It says not to use port 8080 or 443.
Screen Shot 2019-11-02 at 11.25.25 AMWhat number do I use? And do I change both?
Any chance you can share that email from QNAP?
Hopefully this readable.
…
Taipei, Taiwan, November 2, 2019 - QNAP® had published security enhancement against security vulnerabilities that could affect specific versions of QNAP products. Please use the following information and solutions to correct the security issues and vulnerabilities.
Release date: November 1, 2019
Security ID: NAS-201911-01
Severity rating: High
CVE identifier : N/A
Affected products : QNAP NAS devices
The QSnatch malware is reportedly being used to target QNAP NAS devices. The National Cyber Security Center Finland (NCSC-FI) has received reports via the Autoreporter service in mid-October about infected devices attempting to communicate with specific command-and-control (C2) servers.
No other vulnerabilities have been found in the current investigation on the malware. We have added rules to remove the QSnatch malware and released Malware Remover 3.5.4.0 and 4.5.4.0.
If you have any questions regarding this issue, contact us through the QNAP Helpdesk.
To avoid attacks, we strongly recommend following the steps below:
Revision history: V2.0 (November 2, 2019) - Updated
V1.0 (November 1, 2019) - Published
If you have any questions regarding this issue, please contact us at https://www.qnap.com/go/support-ticket/.
Please note Security Counselor is only available on firmware release 4.3.5 older NAS boxes may only go up to firmware 4.3.3.
The Malware remover works on older 4.3.3.
I installed Malware Remover and found that it denied access to both my Asset server and my Roon server which run on my Qnap.
I dumped Malware remover and normal service was restored so for me the cure was worse than the disease. There seems to be no way of configuring the app that I can find so I will live without it. Does anyone know of another app which protects the Qnap without crippling it?