Security Advisory for XMR Mining Program

Welcome note and must-know for QNAP Forum members.
New here
Posts: 5
Joined: Mon Aug 29, 2016 1:20 pm

Security Advisory for XMR Mining Program

Post by QNAPHarveyL » Fri May 05, 2017 9:03 am

Security Advisory for XMR Mining Program

Release date: May 4, 2017
Last updated: May 4, 2017
Bulletin ID: NAS-201705-04
Severity rating: Critical

Internal research and third-party reports show that several QNAP NAS devices running QTS have been injected with XMR mining programs, specifically from Such programs cause CPU usage to increase and are typically undetected unless the lag in device performance is significant.

As of publication time, QNAP is investigating the root cause of the vulnerability and is working on a fix. In the meantime, users are advised to install the updated Malware Remover application that can detect and delete known XMR mining programs used in this particular attack.

Installing Malware Remover 2.1.1

Log on as administrator on your QNAP NAS.
Open the App Center and click the Search icon.
Type “Malware Remover” and then press ENTER.
The Malware Remover application appears in the search results list.
Click Install.
Malware Remover scans the NAS and deletes any XMR mining programs.
Once installed, Malware Remover performs daily scans at 3:00 AM (system time) or after the NAS is powered on.

Checking the Logs

To check whether Malware Remover has detected and deleted XMR mining programs, go to Control Panel > System > System Logs > System Event Logs.

Important: Running Malware Remover does not prevent possible program injections. QNAP recommends updating to the latest available version of Malware Remover to ensure continued protection against new mining program variants.


Return to “Announcements”