QNAP NAS devices targeted by new bitcoin miner

Unsecured QNAP NAS devices are getting covertly saddled with a new bitcoin miner, QNAP has warned users.

“Once a NAS is infected, CPU usage becomes unusually high where a process named ‘[oom_reaper]’ could occupy around 50% of the total CPU usage. This process mimics a normal, legitimate kernel process with the same name. However, while the legitimate kernel process PID is usually below 1000, the bitcoin miner PID is usually greater than 1000,” the company explained.

How to remove the bitcoin miner and protect your QNAP NAS?

Network-attached storage (NAS) devices are often used by consumers and small-to-medium businesses for storing and sharing files and/or backups, and they are often exposed to the public internet.

While attacks aimed at achieving covert bitcoin mining are generally not as devastating as those employing ransomware or other sophisticated malware, they can still be a nuisance and result in unexpected costs.

QNAP has provided instructions on how consumers and SMB administrators can determine if the running process [oom_reaper] is normal system process or has been created by the bitcoin malware, and has offered advice on how to remove it (via the Malware Remover app or possibly even just by restarting the device).

It is generally a good idea to regularly update its firmware and software and not to expose the device to the internet. Alternatively, access to it could be allowed only from certain IP addresses (e.g., devices on the home or business network).

Account asswords should be complex and unique, and 2-step verification / 2-factor authentication should be used (if possible).