TS-453A qsnatch malware on mac

Questions about using NAS on Mac OS.
Clive-D
First post
Posts: 1
Joined: Thu Mar 11, 2021 2:44 am

Post by Clive-D » Fri Mar 12, 2021 4:32 am

Hi all. Newbie here, only know Mac from 1990 so QNAP UI has been a challenge and I avoided any updates. Result is my ISP alerted me to malware.

I spoke to someone in tech support who said emphatically don’t update firmware if you have qsnatch, open a ticket and we will book a call to step you through what to do. I got no response from the ticket so did another and yesterday got a reply with how to update firmware and install antivirus!

So I have backed up the drive, fortunately only 200gb or so and here’s my problem. The NAS shows up in the finder with all the folders but it will not connect via IP address so I can’t access the control panel. I’ve read qsnatch can lock out admin accounts which is likely what’s happened.

Any ideas please advise.
Cheers

dolbyman
Guru
Posts: 22760
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: TS-453A qsnatch malware on mac

Post by dolbyman » Fri Mar 12, 2021 5:11 am

title is confusing .. sounds like you have a qsnatch infection on your mac

backups are before it's too late .. not after

try to connect to NAS via WinSCP to recover your data (no idea if there is an equivalent for mac here)

Moogle Stiltzkin
Ask me anything
Posts: 9878
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: TS-453A qsnatch malware on mac

Post by Moogle Stiltzkin » Fri Mar 12, 2021 9:14 am

how exactly are you using your nas? are you using it on lan, or are you also using it remotely over the internet? if it's the latter, are you using a vpn to connect to your vpn, or without?

there are a few reasons why you got qsnatch

1. your nas is exposed to the internet. you did not use vpn, and just simply port forward your nas including 8080 so then things like zero day vulnerabilities or even just a regular vulnerability which was unpatched, meaning you didn't update as regularly as you should have

2. maybe you did later update, but you did not properly disinfect qsnatch first. malware remover may not have been enough. so additional steps may have been required to fully disinfect, which would entail formatting the drives (pulling them out from nas and formatting using your pc), reflashing the dom, updating QTS, reinitializing your nas from scratch.
https://wiki.qnap.com/wiki/Firmware_Recovery

3. you don't keep backups. so after a disaster you have no good options for what to do, because you put yourself in a bad position by not having any recovery options in any disaster event.
https://www.reddit.com/r/qnap/comments/ ... _a_backup/

4. besides your nas, also check your other hardware on the same network such as.... your router, clients e.g. pcs, mobiles etc. Update everything...... from android, windows10, router firmware, everything. Maybe run a windows defender on your pc as well just to be sure there is no malware being distributed over the network just in case.

5. If you are serious about being least likely to get hit by malware, DO NOT expose nas online by port forwarding. Check your router, do not use UPNP, do not port forward the QNAP. If remote access over internet is required, USE a vpn, and update qts regularly (after first checking if firmware is stable BEFORE updating).

6. When your QNAP becomes EOL, as in security updates are no longer provided for, I'd suggest not doing remote with it (might be fine on lan), or to replace qts with an alternative os like unraid or something else.



in summary for what to do

1. disinfect your nas first
2. update qts
3. do not expose nas online, now you know why
4. keep backups
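The router check from point 5 above (no UPnP, no port forwards to the NAS), as an added example that is not part of any post in this thread: it parses a port-mapping listing in the style printed by miniupnpc's `upnpc -l` and flags every WAN forward that lands on the NAS. The sample listing is constructed, and the NAS address `192.168.1.50` and the `ADMIN_PORTS` set are assumptions to adjust for your own network.

```python
import re

# Constructed sample modelled on the mapping list printed by `upnpc -l`;
# all addresses, ports and descriptions here are made up.
SAMPLE_LISTING = """\
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP  8080->192.168.1.50:8080  'NAS Web' '' 0
 1 TCP   443->192.168.1.50:443   'NAS HTTPS' '' 0
 2 UDP 51413->192.168.1.23:51413 'torrent client' '' 0
 3 TCP  2222->192.168.1.50:22    'NAS SSH' '' 604800
 4 TCP  6881->192.168.1.50:6881  'NAS downloads' '' 0
"""

MAPPING_RE = re.compile(
    r"^\s*\d+\s+(?P<proto>TCP|UDP)\s+(?P<ext>\d+)->"
    r"(?P<host>[\d.]+):(?P<int>\d+)\s+'(?P<desc>[^']*)'"
)

# Internal ports treated as NAS management services (assumption; 8080 is the
# one named in the thread, the rest are common admin/SSH ports).
ADMIN_PORTS = {22, 80, 443, 8080}

def parse_mappings(listing):
    """Return one dict per mapping line; the header and noise are skipped."""
    mappings = []
    for line in listing.splitlines():
        m = MAPPING_RE.match(line)
        if m:
            mappings.append({
                "proto": m["proto"], "ext_port": int(m["ext"]),
                "host": m["host"], "int_port": int(m["int"]),
                "desc": m["desc"],
            })
    return mappings

def audit_nas_exposure(listing, nas_ip):
    """Return (severity, mapping) for every forward that targets the NAS."""
    findings = []
    for mp in parse_mappings(listing):
        if mp["host"] != nas_ip:
            continue  # forward belongs to some other LAN device
        # Judge by the internal port: a remapped external port (2222 -> 22)
        # still exposes the management service behind it.
        sev = "HIGH" if mp["int_port"] in ADMIN_PORTS else "REVIEW"
        findings.append((sev, mp))
    return findings

if __name__ == "__main__":
    for sev, mp in audit_nas_exposure(SAMPLE_LISTING, "192.168.1.50"):
        print(f"[{sev}] WAN {mp['proto']}/{mp['ext_port']} -> "
              f"{mp['host']}:{mp['int_port']} ({mp['desc']})")
```

Any line it reports is a forward to remove on the router; an empty result covers only UPnP-created mappings, so manually configured port forwards still need checking in the router's admin page.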
