Bitcoin Miner [oom_reaper]
Release date: December 7, 2021
Security ID: QSA-21-56
Affected products: All QNAP NAS
Summary
A bitcoin miner has been reported to target QNAP NAS. Once a NAS is infected, CPU usage becomes unusually high, and a process named "[oom_reaper]" can occupy around 50% of the total CPU usage. This process mimics a kernel process, but its PID is usually greater than 1000.
We strongly recommend that users act immediately to protect their devices.
If you have any questions regarding this issue, please contact us through the QNAP Helpdesk.
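The process described in the summary can be looked for from an SSH session on the NAS. The script below is an added example, not QNAP's code: it lists processes that display a bracketed kernel-thread name but are not children of kthreadd (PID 2), which every genuine Linux kernel thread is. It goes beyond the summary's PID-above-1000 cue and assumes a POSIX shell with awk, tr, head and readlink; the function name and its optional directory argument are choices of this example.

```shell
#!/bin/sh
# Added example: find user-space processes that display a kernel-thread
# style name such as "[oom_reaper]".
#
# Genuine kernel threads have an empty /proc/PID/cmdline (so ps shows
# their name in brackets) and have kthreadd (PID 2) as their parent.
# A bracketed name with any other parent is a disguised process.
#
# Usage on the NAS: find_fake_kthreads
# The optional argument (an assumption of this example) points the scan
# at another directory laid out like /proc.

find_fake_kthreads() {
    root="${1:-/proc}"
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/status" ] && [ -r "$dir/cmdline" ] || continue
        pid="${dir##*/}"
        comm=$(awk '/^Name:/ {sub(/^Name:[ \t]*/, ""); print; exit}' "$dir/status")
        ppid=$(awk '/^PPid:/ {print $2; exit}' "$dir/status")

        # First argv element; empty for kernel threads.
        arg0=$(tr '\0' '\n' < "$dir/cmdline" | head -n 1)
        if [ -n "$arg0" ]; then
            shown="$arg0"
        else
            shown="[$comm]"       # what ps prints when cmdline is empty
        fi

        case "$shown" in
            \[*\]) ;;             # looks like a kernel thread
            *) continue ;;        # ordinary process name
        esac

        # kthreadd itself is PID 2; real kernel threads have PPid 2.
        if [ "$pid" = "2" ] || [ "$ppid" = "2" ]; then
            continue
        fi

        # Kernel threads have no executable; a disguised process does.
        exe=$(readlink "$dir/exe" 2>/dev/null) || exe="unknown"
        echo "$pid $ppid $shown $exe"
    done
}
```

Each output line gives the PID, parent PID, displayed name and executable path of a flagged process; the executable path is only readable with administrator rights.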
Recommendation
To protect your device from infection, we recommend the following actions:
- Update QTS or QuTS hero to the latest version.
- Install and update Malware Remover to the latest version.
- Use stronger passwords for your administrator and other user accounts.
- Update all installed applications to their latest versions.
- Do not expose your NAS to the internet, or avoid using default system port numbers 443 and 8080.
Updating QTS or QuTS hero
- Log on to QTS or QuTS hero as administrator.
- Go to Control Panel > System > Firmware Update.
- Under Live Update, click Check for Update.
QTS or QuTS hero downloads and installs the latest available update.
Installing and updating Malware Remover
- Log on to QTS or QuTS hero as administrator.
- Open the App Center and then click the search icon.
  A search box appears.
- Enter "Malware Remover".
  Malware Remover appears in the search results.
- Click Update.
  A confirmation message appears.
  Note: The Update button is not available if your Malware Remover is already up to date.
- Click OK.
  The application is updated.
Changing the administrator password
- Log on to QTS or QuTS hero as administrator.
- Click the profile picture on the QTS or QuTS hero Task Bar.
  The Options window opens.
- Click Change Password.
- Specify the old password.
- Specify the new password.
  QNAP recommends the following criteria to improve password strength:
  - At least 8 characters in length
  - Include both uppercase and lowercase characters
  - Include at least one number and one special character
  - Must not be the same as the username or the username reversed
  - Must not include characters that are consecutively repeated three or more times
- Verify the new password.
- Click Apply.
Changing passwords for other users
- Log on to QTS or QuTS hero as administrator.
- Go to Control Panel > Privilege > Users.
- Select a user.
- Click Change Password.
  The Change Password window appears.
- Specify the old password.
- Specify the new password.
  QNAP recommends the following criteria to improve password strength:
  - At least 8 characters in length
  - Include both uppercase and lowercase characters
  - Include at least one number and one special character
  - Must not be the same as the username or the username reversed
  - Must not include characters that are consecutively repeated three or more times
- Verify the new password.
- Click Apply.
- Repeat the above steps to change passwords for other users.
Updating all installed applications
- Log on to QTS or QuTS hero as administrator.
- Go to App Center.
- Select My Apps.
- Next to Install Updates, click All.
  A confirmation message appears.
- Click OK.
  QTS or QuTS hero updates all your installed applications to their latest versions.
Changing the system port number
- Log on to QTS or QuTS hero as administrator.
- Go to Control Panel > System > General Settings > System Administration.
- Specify a new system port number.
  Warning: Do not use 443 or 8080.
- Click Apply.
  QTS or QuTS hero applies the new system port number.
Revision History: V1.0 (December 7, 2021) - Published
If you have any questions regarding this issue, please contact us at https://www.qnap.com/go/support-ticket/.