==================================================================== CERT-Renater Note d'Information No. 2017/VULN139 _____________________________________________________________________ DATE : 05/05/2017 HARDWARE PLATFORM(S): QNAP NAS. OPERATING SYSTEM(S): QTS. ===================================================================== https://www.qnap.com/en/support/con_show.php?cid=116 ____________________________________________________________________ Security Advisory for XMR Mining Program Release date: May 4, 2017 Last updated: May 4, 2017 Bulletin ID: NAS-201705-04 Severity rating: Critical Summary Internal research and third-party reports show that several QNAP NAS devices running QTS have been injected with XMR mining programs, specifically from mineXMR.com. Such programs cause CPU usage to increase and are typically undetected unless the lag in device performance is significant. As of publication time, QNAP is investigating the root cause of the vulnerability and is working on a fix. In the meantime, users are advised to install the updated Malware Remover application that can detect and delete known XMR mining programs used in this particular attack. Solution Installing Malware Remover 2.1.1 Log on as administrator on your QNAP NAS. Open the App Center and click the Search icon. Type “Malware Remover” and then press ENTER. The Malware Remover application appears in the search results list. Click Install. Malware Remover scans the NAS and deletes any XMR mining programs. Once installed, Malware Remover performs daily scans at 3:00 AM (system time) or after the NAS is powered on. Checking the Logs To check whether Malware Remover has detected and deleted XMR mining programs, go to Control Panel > System > System Logs > System Event Logs. Important: Running Malware Remover does not prevent possible program injections. QNAP recommends updating to the latest available version of Malware Remover to ensure continued protection against new mining program variants. ========================================================== + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: cert@support.renater.fr + ==========================================================