Search

Security ID : NAS-201911-01

Security Advisory for Malware QSnatch

  • Release date : November 1, 2019

  • CVE identifier : N/A

  • Affected products: QNAP NAS devices

Severity

Important

Status

Resolved

Recommendation

To prevent malware infections, we strongly recommend the following steps:

  1. Update QTS to the latest available version.
  2. Install and update Malware Remover to the latest version.
  3. Install and update Security Counselor to the latest version.
  4. Update your installed QTS applications to the latest versions if available in the App Center.
  5. Configure the following settings to enhance system security.

    Important: QSnatch collects confidential information from infected devices, such as login credentials and system configuration. Due to these data breach concerns, QNAP devices that had been infected may still be vulnerable to reinfection after removing the malware. We strongly recommend applying these settings to further secure your system and to prevent reinfection.

    1. Change the admin password.
    2. Change other user passwords.
    3. Change QNAP ID password.
    4. Use a stronger database root password
    5. Remove unknown or suspicious accounts.
    6. Enable IP and account access protection to prevent brute force attacks.
    7. Disable SSH and Telnet connections if you are not using these services.
    8. Disable Web Server, SQL server or phpMyAdmin app if you are not using these applications.
    9. Remove malfunctioning, unknown, or suspicious apps
    10. Avoid using default port numbers, such as 22, 443, 80, 8080 and 8081.
    11. Disable Auto Router Configuration and Publish Services and restrict Access Control in myQNAPcloud.
    12. Subscribe to QNAP security newsletters.

    Note:

    • Malware Remover (supported by QTS 4.2 and later) and Security Counselor (supported by QTS 4.3.5 and later) may not be available on older QNAP NAS models. You can check the product support status of your NAS model.
    • Installing Security Counselor helps further enhance the security of your NAS. Nevertheless, you can still protect your device from the QSnatch malware following other steps without Security Counselor.

Installing the QTS Update

  1. Log on to QTS as administrator.
  2. Go to Control Panel > System > Firmware Update.
  3. Under Live Update, click Check for Update.
    QTS downloads and installs the latest available update.

Installing and Running the Latest Version of Malware Remover

  1. Log on to QTS as administrator.
  2. Open App Center, and then click .
    The manual installation dialog box appears.
  3. Read the instructions, and then click Browse.
    The file browser appears.
  4. Locate and select the installer file.
  5. Click Install.
    A confirmation message appears.
  6. Click OK.
    QTS installs the latest version of Malware Remover.
    A confirmation message appears.
  7. Click OK.
    The required updates dialog box appears.
  8. Click Update Now.
    QTS updates Malware Remover to the latest version.
  9. Open Malware Remover.
  10. Click Start Scan.
    Malware Remover scans the NAS for malware.

Installing and running the latest version of Security Counselor

  1. Log on to QTS as administrator.
  2. Open the App Center, and then click the Search icon.
    A search box appears.
  3. Type “Security Counselor”, and then press ENTER.
    The Security Counselor application appears in the search results list.
  4. Click Install or Update.
    A confirmation message appears.
  5. Click OK.
    The application is installed or updated to the latest version.
  6. Open Security Counselor.
  7. Click Start Scan.
    Security Counselor scans the NAS for rules.

Changing the Admin Password

  1. Log on to QTS as administrator.
  2. Click the profile picture on the QTS Task Bar.
    The Options window opens.
  3. Click Change Password.
  4. Specify the old password.
  5. Specify the new password.
    QNAP recommends the following criteria to improve password strength:
    • Should be at least 8 characters in length
    • Should include both uppercase and lowercase characters
    • Should include at least one number and one special character
    • Must not be the same as the username or the username reversed
    • Must not include characters that are consecutively repeated three or more times
  6. Verify the new password.
  7. Click Apply.

Changing User Passwords

  1. Log on to QTS as administrator.
  2. Go to Control Panel > Privilege > Users.
  3. Select a user.
  4. Click Change Password.
    The Change Password window appears.
  5. Specify the old password.
  6. Specify the new password.
    QNAP recommends the following criteria to improve password strength:
    • Should be at least 8 characters in length
    • Should include both uppercase and lowercase characters
    • Should include at least one number and one special character
    • Must not be the same as the username or the username reversed
    • Must not include characters that are consecutively repeated three or more times
  7. Verify the new password.
  8. Click Apply.
  9. Repeat the above steps to change passwords for other users.

Changing QNAP ID Password

  1. Go to https://account.qnap.com
  2. Sign in with your QNAP account.
  3. Select Change Password.
  4. Specify the old password.
  5. Specify the new password.
  6. Confirm the new password.
  7. Click Submit.

Removing Unknown or Suspicious Users.

  1. Log on to QTS as administrator.
  2. Go to Control Panel > Privilege > Users.
  3. Verify all users on the list.
  4. Select unknown or suspicious users.
  5. Click Delete.
    A confirmation message appears.
  6. Click OK.

Enabling IP and Account Access Protection

  1. Log on to QTS as administrator.
  2. Go to Control Panel > System > Security.
  3. Select IP Access Protection.
  4. Enable SSH and HTTP(s) access protection.
    1. Select SSH and HTTP(S).
    2. Specify time periods and the number of failed login attempts.
  5. Select Account Access Protection.
  6. Enable SSH and HTTP(s) access protection.
    1. Select SSH and HTTP(S).
    2. Specify time periods and the number of failed login attempts.
  7. Click Apply.

Disabling SSH and Telnet Connections

  1. Log on to QTS as administrator.
  2. Go to Control Panel > Network & File Services > Telnet/SSH.
  3. Deselect Allow Telnet connection.
  4. Deselect Allow SSH connection.
  5. Click Apply.

Disabling Web Server

  1. Log on to QTS as administrator.
  2. Go to Control Panel > Applications > Web Server.
  3. Deselect Enable Web Server.
  4. Click Apply.

Disabling SQL Server

  1. Log on to QTS as administrator.
  2. Go to Control Panel > Applications > SQL Server.
  3. Deselect Enable SQL Server.
  4. Click Apply.

Changing the System Port Number

  1. Log on to QTS as administrator.
  2. Go to Control Panel > System > General Settings > System Administration.
  3. Specify a new system port number.
    Warning: Do not use 22, 443, 80, 8080 or 8081.
  4. Click Apply.

Changing myQNAPcloud Settings

  1. Log on to QTS as administrator.
  2. Open myQNAPcloud.
  3. Go to Auto Router Configuration.
  4. Deselect Enable UPnP port forwarding.
  5. Go to Access Control.
  6. Set Device access controls to Private.
  7. Click Apply.

Subscribing to QNAP Security Newsletters

  1. Go to https://www.qnap.com/i/_event/epaper/index.php?lang_set=safe
  2. Specify your email address.
  3. Click Subscribe.
    QNAP sends a confirmation letter to the specified email address.
  4. Open the confirmation letter in your email inbox.
  5. Click the link to confirm your subscription.

Revision History:
V6.0 (January 9, 2020) - Revised recommendation
V5.0 (December 31, 2019) - Revised recommendation
V4.0 (December 27, 2019) - Revised recommendation
V3.0 (November 19, 2019) - Revised recommendation
V2.0 (November 2, 2019) - Update

Choose specification

      Show more Less

      Choose Your Country or Region

      open menu
      back to top