
QSnatch

Posted: October 31, 2019

QSnatch is the name of a newly discovered piece of malware that exclusively targets QNAP NAS equipment. Capable of causing varying damage, QSnatch installs itself directly into the firmware of the targeted Network Attached Storage device before establishing a communication channel with a remote Command-and-Control (C&C) server.

Researchers consider QSnatch an updated variant of the Caphaw malware, which used to infect individual devices rather than networked ones.

QSnatch’s communication with the C&C occurs via specific domain generation algorithms. As a result, the malware is able not only to retrieve the login credentials of the targeted QNAP NAS device but also to disable QNAP’s proprietary MalwareRemoval App. Last but not least, QSnatch will also disable firmware updates, because a vendor-provided update could neutralize QSnatch if installed. However, such an update may not be 100% effective, which is why a complete factory reset of the device is the only guaranteed solution. The downside is that resetting a QNAP NAS device to its factory settings will obliterate all the data it had stored beforehand. Moreover, it would also delete user accounts, login credentials, and any existing firmware and/or software.

That is why, if a factory reset proves inevitable, you should then perform several steps to restore the full functionality of the QNAP NAS device. You will have to set up new user accounts with new corresponding passwords, update the firmware, and install malware removal software. Needless to say, providing adequate firewall protection is a must as well.
