UnityMiner cryptocurrency malware hijacks QNAP storage devices

ZDNet reports that network-attached storage (NAS) devices built by Taiwanese hardware firm QNAP are being hit by a wave of attacks that deploy cryptocurrency mining malware known as UnityMiner. The attack was first reported on March 2 by researchers at 360Netlab, who pointed to two vulnerabilities identified as CVE-2020-2506 and CVE-2020-2507. QNAP said the flaws comprise a command injection vulnerability and improper access control, which threat actors can exploit to achieve remote code execution and take over the NAS devices. The UnityMiner malware reportedly uses a version of the open source XMRig Monero miner and is capable of hiding its activities on a compromised device by altering reported CPU memory use. The miner is currently compatible with ARM64 and AMD64 CPUs and uses half of the available cores for mining. 360Netlab researchers claim that “hundreds of thousands” of NAS devices made by QNAP remain unpatched and online, and a recent online mapping scan revealed more than 4 million QNAP NAS devices that are potentially vulnerable to attacks.
Jill Aitoro

Jill Aitoro leads editorial for SC Media, and content strategy for parent company CyberRisk Alliance. She has 20 years of experience editing and reporting on technology, business and policy.
