Security Advisory for XMR Mining Program

[QNAPHarveyL]

Security Advisory for XMR Mining Program

Release date: May 4, 2017
Last updated: May 4, 2017
Bulletin ID: NAS-201705-04
Severity rating: Critical

Summary
Internal research and third-party reports show that several QNAP NAS devices running QTS have been injected with XMR mining programs, specifically from mineXMR.com. Such programs cause CPU usage to increase and are typically undetected unless the lag in device performance is significant.

As of publication time, QNAP is investigating the root cause of the vulnerability and is working on a fix. In the meantime, users are advised to install the updated Malware Remover application that can detect and delete known XMR mining programs used in this particular attack.

Solution
Installing Malware Remover 2.1.1

Log on as administrator on your QNAP NAS.
Open the App Center and click the Search icon.
Type “Malware Remover” and then press ENTER.
The Malware Remover application appears in the search results list.
Click Install.
Malware Remover scans the NAS and deletes any XMR mining programs.
Once installed, Malware Remover performs daily scans at 3:00 AM (system time) or after the NAS is powered on.

Checking the Logs

To check whether Malware Remover has detected and deleted XMR mining programs, go to Control Panel > System > System Logs > System Event Logs.

Important: Running Malware Remover does not prevent possible program injections. QNAP recommends updating to the latest available version of Malware Remover to ensure continued protection against new mining program variants.

https://www.qnap.com/en/support/con_show.php?cid=116