QSnatch, a data-stealing malware, compromised over 62,000 QNAP NAS (Network Attached Storage) devices
The US Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom's National Cyber Security Centre (NCSC) have warned about QSnatch, a strain of malware that infects QNAP NAS devices worldwide and exfiltrates the data they hold to unidentified threat actors.
QSnatch is data-stealing malware targeting NAS devices made by the Taiwanese vendor QNAP. The malicious code implements several components: a CGI password logger, a credential scraper, an SSH backdoor, data exfiltration, and web shell functionality for remote access.
CISA and NCSC said that QSnatch activity has been traced back to 2014, but attacks intensified over the last year as infections grew from 7,000 devices in October 2019 to more than 62,000 by mid-June 2020. Of these, roughly 7,600 are in the US and around 3,900 in the UK.
CISA and NCSC have identified two QSnatch campaigns, distinguished by the initial payload used and by some differences in capabilities. In the second campaign the attackers inject the malware during the infection stage and then use a domain generation algorithm (DGA) to establish a command-and-control (C2) channel.
The infection vector has not been identified, and the threat actors behind both campaigns are believed to be no longer active. Once the malware has been injected into the firmware it takes full control of the device and blocks the installation of firmware updates in order to persist on the victim NAS.
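The alert says the second campaign's implant reaches its C2 through a DGA, which means the NAS resolves a stream of machine-generated domain names. The article does not describe QSnatch's actual algorithm, so the following is an added example (not from the alert, not QSnatch's own code) of a generic DGA-likeness heuristic a defender can run over resolver logs to spot a NAS making such lookups. The log format, the client IPs, the domain names and the thresholds are all constructed assumptions for this example.

```python
"""Flag DNS clients whose lookups look DGA-generated (added example, generic heuristic).

Assumptions: a resolver log with one query per line, "<timestamp> <client-ip> <qname>";
thresholds below are illustrative and should be tuned against your own baseline.
"""
import math
import re
from collections import Counter

# Constructed sample resolver log (not real traffic): one NAS at 192.168.1.20
# mixes legitimate vendor lookups with three DGA-looking names.
SAMPLE_LOG = """\
2020-06-15T10:00:01Z 192.168.1.20 www.qnap.com
2020-06-15T10:00:02Z 192.168.1.20 update.qnap.com
2020-06-15T10:00:05Z 192.168.1.20 xk3qpz9vrt0lmw.com
2020-06-15T10:00:06Z 192.168.1.20 bq7ztwvx1dpcrm.net
2020-06-15T10:00:07Z 192.168.1.20 zzqwrtkjmvxp2l.org
2020-06-15T10:01:00Z 192.168.1.35 mail.example.org
"""

# Illustrative thresholds (assumed values, not from the alert).
MIN_LABEL_LEN = 10      # short labels are too ambiguous to score
MIN_ENTROPY = 3.3       # bits per character; random-looking labels score high
MAX_VOWEL_RATIO = 0.25  # pronounceable words have far more vowels than this

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


def shannon_entropy(s):
    """Bits of entropy per character of s."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def vowel_ratio(s):
    """Fraction of alphabetic characters that are vowels."""
    letters = [ch for ch in s if ch.isalpha()]
    if not letters:
        return 0.0
    return sum(ch in "aeiou" for ch in letters) / len(letters)


def registrable_label(name):
    """Label left of the TLD, e.g. 'qnap' for 'www.qnap.com'.

    Simplification: treats the last label as the TLD (no public-suffix list),
    so multi-part suffixes like .co.uk are not handled.
    """
    labels = name.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def looks_dga(name):
    """True if the registrable label is long, high-entropy and vowel-poor."""
    label = registrable_label(name)
    if len(label) < MIN_LABEL_LEN:
        return False
    return (shannon_entropy(label) >= MIN_ENTROPY
            and vowel_ratio(label) <= MAX_VOWEL_RATIO)


def suspicious_clients(log_text, min_hits=3):
    """Map client IP -> number of DGA-looking queries, for clients at or above min_hits."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crashing on them
        _ts, client, qname = m.groups()
        if looks_dga(qname):
            hits[client] += 1
    return {client: n for client, n in hits.items() if n >= min_hits}


if __name__ == "__main__":
    print(suspicious_clients(SAMPLE_LOG))
```

Requiring several hits per client keeps a single odd-looking CDN hostname from raising an alert; a NAS that should only ever talk to the vendor's update servers has no business resolving a burst of such names at all, which is exactly the traffic the "block external connections" mitigation further down is meant to cut off.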
“All QNAP NAS devices are potentially vulnerable to QSnatch malware if not updated with the latest security fixes,” CISA and NCSC said in the alert.
CISA and NCSC recommend that organisations consider the following mitigations:
- Verify that QNAP devices are acquired from reputable sources.
- Block external connections when the device is intended to be used strictly for internal storage, and follow the further mitigation steps listed on QNAP's support page.