Warning for QNAP users

Streaming Audio
1

Saw this on the Roon forum so I thought I’d pass it on since there’s nothing here. Apparently there is also a QNAP malware removal tool.

Thousands of QNAP NAS devices have been infected with the QSnatch malware

3 Likes
2

Thanks. I no longer use my QNAP for anything important (I moved all my files to a dedicated Intel NUC running Roon ROCK), but I will take the relevant security measures just to be sure.

3

This is pretty old news. There have been a number of Malware threats on QNAP over the last 18 months or so. Some have come from poor security in their own apps. I stopped using their web access a while ago due to this. Keep up to date and have Malware remover running and you should be fine. Use two step authentication to.

1 Like
4

I have a QNAP NAS with all my music on it connected to my network. I have kept the NAS software up to date. How can I prevent possible malware infection. If I disconnect it from my switch and hence off internet , I won’t be able to stream to my streamer.
Thanks for the heads up just not sure what to do

5

Yep old news and this type of attack is not just down to QNAPs.

Remove unwanted apps, update the ones you need, apply latest QNAP firmware and the Malware remover tool.

Also within apps disable (stop) Download Station

To disconnect QNAP from WAN a static IP will need to be applied then remove gateway entry this will still be visible on the LAN. Or if you have a decent firewall you can block QNAP WAN access.

6

Most recommend to turn off qnap Cloud to.

7

Thanks for the heads up on this.
I’ve never heard of this before and didn’t have the AntiMalware app running, but do now.
I’ve just updated everything and turned off the Downloads app, and all other apps I don’t use…

8

I ended up shutting my QNAP down altogether. I no longer use it for anything important anyway. My FLAC library is now on an internal SSD of the NUC that runs Roon ROCK. I stopped using UPnP when I changed to Roon.

9

When I had my QNAP shutting down everything non-essential for Asset also improved sound quality, so you may find an unexpected additional benefit

1 Like
10

Same here actually. I got a Roon Nucleus. I’ve still got to get round to selling the QNAP…

11

I installed and ran the QNAP Malware tool for the first time last night. It said it found and removed a number of items! Who knew?!?!?!

12

Many months ago after discovering repeated attempts to connect to my QNAP from addresses that resolved to a Frankfurt ISP I went to Control Panel > System > Security and in the Allow/Deny list allowed connections only from addresses in my home IP range (plus the single loopback address of 127.0.0.1—which I seem to recall was required to allow Roon to run properly). Since then I have logged no unauthorised connection attempts.

Thank you, though, for those who mentioned the Malware Removal tool: now downloaded and installed as another precaution.

Stephen

1 Like
13

Loaded and ran the malware app.when you say shut off other apps do you delete them or is there a way to shut them off?Is there a separate download app?there are many apps that are preloaded with the QNAP do I delete if not in use. I only use Asset and the backup app
Thanks

14

From memory (which isn’t saying much), I just stopped the apps or uninstalled them.

15

I got the security email from QNAP and did all the recommended remedies. I have a question about the last one though. It says not to use port 8080 or 443.

image
image.png1608×508 24.8 KB
Screen Shot 2019-11-02 at 11.25.25 AM

What number do I use? And do I change both?

image
image.png1186×918 56.4 KB
Screen Shot 2019-11-02 at 11.27.43 AM

16

Any chance you can share that email from QNAP?

17

Hopefully this readable.

QNAP Security Advisory Bulletin ID: NAS-201911-01

\ 130x130

Taipei, Taiwan, November 2, 2019 - QNAP® had published security enhancement against security vulnerabilities that could affect specific versions of QNAP products. Please use the following information and solutions to correct the security issues and vulnerabilities.

Security Advisory for Malware QSnatch

Release date: November 1, 2019
Security ID: NAS-201911-01
Severity rating: High
CVE identifier : N/A
Affected products : QNAP NAS devices

Summary

The QSnatch malware is reportedly being used to target QNAP NAS devices. The National Cyber Security Center Finland (NCSC-FI) has received reports via the Autoreporter service in mid-October about infected devices attempting to communicate with specific command-and-control (C2) servers.

No other vulnerabilities have been found in the current investigation on the malware. We have added rules to remove the QSnatch malware and released Malware Remover 3.5.4.0 and 4.5.4.0.

If you have any questions regarding this issue, contact us through the QNAP Helpdesk.

Recommendation

To avoid attacks, we strongly recommend following the steps below:

  1. Update QTS to the latest version.
  2. Install and update Security Counselor to the latest version.
  3. Install and update Malware Remover to the latest version.
  4. Use a stronger admin password.
  5. Enable IP and account access protection to prevent brute force attacks.
  6. Disable SSH and Telnet connections if you are not using these services.
  7. Avoid using default port numbers 443 and 8080.

Installing the QTS Update

  1. Log on to QTS as administrator.
  2. Go to Control Panel > System > Firmware Update .
  3. Under Live Update , click Check for Update .
    QTS downloads and installs the latest available update.

Installing and running the latest version of Security Counselor

  1. Log on to QTS as administrator.
  2. Open the App Center , and then click the Search icon.
    A search box appears.
  3. Type “Security Counselor”, and then press ENTER .
    The Security Counselor application appears in the search results list.
  4. Click Install or Update .
    A confirmation message appears.
  5. Click OK .
    The application is installed or updated to the latest version.
  6. Open Security Counselor .
  7. Click Start Scan .
    Security Counselor scans the NAS for rules.

Installing and Running the Latest Version of Malware Remover

  1. Log on to QTS as administrator.
  2. Open App Center , and then click .
    The manual installation dialog box appears.
  3. Read the instructions, and then click Browse .
    The file browser appears.
  4. Locate and select the installer file.
  5. Click Install .
    A confirmation message appears.
  6. Click OK .
    QTS installs the latest version of Malware Remover.
    A confirmation message appears.
  7. Click OK .
    The required updates dialog box appears.
  8. Click Update Now .
    QTS updates Malware Remover to the latest version.
  9. Open Malware Remover.
  10. Click Start Scan .
    Malware Remover scans the NAS for malware.

Changing the Device Password

  1. Log on to QTS as administrator.
  2. Click the profile picture on the QTS Task Bar.
    The Options window opens.
  3. Click Change Password .
  4. Specify the old password.
  5. Specify the new password.
    QNAP recommends the following criteria to improve password strength:
  • Should be at least 8 characters in length
  • Should include both uppercase and lowercase characters
  • Should include at least one number and one special character
  • Must not be the same as the username or the username reversed
  • Must not include characters that are consecutively repeated three or more times
  1. Verify the new password.
  2. Click Apply .

Enabling IP and Account Access Protection

  1. Log on to QTS as administrator.
  2. Go to Control Panel > System > Security .
  3. Select IP Access Protection .
  4. Enable SSH and HTTP(s) access protection.
  • Select SSH and HTTP(S) .
  • Specify time periods and the number of failed login attempts.
  1. Select Account Access Protection .
  2. Enable SSH and HTTP(s) access protection.
  • Select SSH and HTTP(S) .
  • Specify time periods and the number of failed login attempts.
  1. Click Apply .

Disabling SSH and Telnet Connections

  1. Log on to QTS as administrator.
  2. Go to Control Panel > Network & File Services > Telnet/SSH .
  3. Deselect Allow Telnet connection .
  4. Deselect Allow SSH connection .
  5. Click Apply .

Changing the System Port Number

  1. Log on to QTS as administrator.
  2. Go to Control Panel > System > General Settings > System Administration .
  3. Specify a new system port number.
    Warning: Do not use 443 or 8080.
  4. Click Apply .

Revision history: V2.0 (November 2, 2019) - Updated
V1.0 (November 1, 2019) - Published

If you have any questions regarding this issue, please contact us at https://www.qnap.com/go/support-ticket/.

1 Like
18

Many Thanks @ElMarko

1 Like
19

Please note Security Counselor is only available on firmware release 4.3.5 older NAS boxes may only go up to firmware 4.3.3.

The Malware remover works on older 4.3.3.

1 Like
20

I installed Malware Remover and found that it denied access to both my Asset server and my Roon server which run on my Qnap.
I dumped Malware remover and normal service was restored so for me the cure was worse than the disease. There seems to be no way of configuring the app that I can find so I will live without it. Does anyone know of another app which protects the Qnap without crippling it?