ZDNet reports that network-attached storage devices built by Taiwanese hardware firm QNAP are being subjected to a wave of attacks that use a cryptocurrency mining malware known as UnityMiner. The attack was first reported on March 2 by researchers at 360Netlab, who pointed to two vulnerabilities identified as CVE-2020-2506 and CVE-2020-2507. QNAP said the flaws comprise a command injection vulnerability and improper access control, which threat actors can capitalize on to initiate remote code execution and take over the NAS devices. The UnityMiner malware reportedly uses a version of the open source XMRig Monero miner malware and is capable of hiding its activities on a compromised device by altering reported CPU memory use. The miner is currently compatible with ARM64 and AMD64 CPUs and uses half of available cores for mining. 360Netlab researchers claim that “hundreds of thousands” of NAS devices created by QNAP remain unpatched and online, and a recent online mapping scan revealed more than 4 million QNAP NAS devices that are potentially vulnerable to attacks.
Threat intelligence
UnityMiner cryptocurrency malware hijacks QNAP storage devices
Jill Aitoro
Jill Aitoro is senior vice president of content strategy for CyberRisk Alliance. She has more than 20 years of experience editing and reporting on technology, business and policy. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news