ZDNet reports that network-attached storage devices built by Taiwanese hardware firm QNAP are being subjected to a wave of attacks that use a cryptocurrency mining malware known as UnityMiner. The attack was first reported on March 2 by researchers at 360Netlab, who pointed to two vulnerabilities identified as CVE-2020-2506 and CVE-2020-2507. QNAP said the flaws comprise a command injection vulnerability and improper access control, which threat actors can capitalize on to initiate remote code execution and take over the NAS devices. The UnityMiner malware reportedly uses a version of the open-source XMRig Monero miner and is capable of hiding its activities on a compromised device by altering reported CPU memory use. The miner is currently compatible with ARM64 and AMD64 CPUs and uses half of available cores for mining. 360Netlab researchers claim that “hundreds of thousands” of NAS devices created by QNAP remain unpatched and online, and a recent online mapping scan revealed more than 4 million QNAP NAS devices that are potentially vulnerable to attacks.
Jill Aitoro leads editorial for SC Media, and content strategy for parent company CyberRisk Alliance. She has 20 years of experience editing and reporting on technology, business and policy.