Quote:Owners of popular QNAP Systems network attached storage (NAS) devices are being warned that a malicious cryptocurrency campaign is actively exploiting two critical firmware bugs in systems that have not yet been patched.
QNAP fixed the flaws in October 2020; however, researchers at Qihoo 360’s Network Security Research Lab report a widening campaign targeting over 100 unpatched firmware versions used by 4.3 million of the company’s NAS devices.
The bugs affect prior versions of QNAP’s 3.0.3 Helpdesk firmware. The bug, tracked as CVE-2020-2506, is an improper-access-control vulnerability that allows attackers to obtain control of a QNAP device. The second flaw, identified as CVE-2020-2507, is a “command injection vulnerability [and] could allow remote attackers to run arbitrary commands,” according to an October QNAP security advisory.
Disproportionately impacted are the 1.1 million QNAP NAS users within the United States (554,481) and China (550,465) – representing nearly 80 percent of total global infections, according to a recent mapping of QNAP devices visible online.
Researchers at 360 Netlab are calling the crypto-mining malware infecting the devices UnityMiner. It is unclear what the history of UnityMiner is and who is behind it, as there doesn’t appear to be any previous reports on the malware.
“We named the mining program UnityMiner, we noticed the attacker customized the program by hiding the mining process and the real CPU memory resource usage information, so when the QNAP users check the system usage via the WEB management interface, they cannot see the abnormal system behavior,” wrote 360 Netlab’s in a recently published analysis.
Read more: https://threatpost.com/miner-campaign-ta...as/164580/
![[-]](https://www.geeks.fyi/images/collapse.png)
