Threat Management
UnityMiner cryptocurrency malware hijacks QNAP storage devices
ZDNet reports that network-attached storage devices built by Taiwanese hardware firm QNAP are being subjected to a wave of attacks that use a cryptocurrency mining malware known as UnityMiner. The attack was first reported on March 2 by researchers at 360Netlab, who pointed to two vulnerabilities identified as CVE-2020-2506 and CVE-2020-2507. QNAP said the flaws comprise a command injection vulnerability and improper access control, which threat actors can capitalize on to initiate remote code execution and take over the NAS devices. The UnityMiner malware reportedly uses a version of the open source XMRig Monero miner malware and is capable of hiding its activities on a compromised device by altering reported CPU memory use. The miner is currently compatible with ARM64 and AMD64 CPUs and uses half of available cores for mining. 360Netlab researchers claim that “hundreds of thousands” of NAS devices created by QNAP remain unpatched and online, and a recent online mapping scan revealed more than 4 million QNAP NAS devices that are potentially vulnerable to attacks.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds