The number of QNAP network-attached storage (NAS) boxes infected with the data-stealing QSnatch malware has reached 62,000, the US and UK governments warned today.
A joint statement from America's Cybersecurity and Infrastructure Security Agency (CISA) and Britain's National Cyber Security Centre (NCSC) said the software nasty, first spotted in October, has increased its infection count from 7,000 devices that month to tens of thousands by mid-June, 2020, with "a particularly high number of infections in North America and Europe." It is estimated 7,600 hijacked QNAP boxes were in America, and 3,900 in the UK.
The situation is particularly messy because Taiwan-based QNAP has not, to the best of our knowledge, disclosed exactly how the malware breaks into vulnerable boxes, advising simply that owners should ensure the latest firmware is installed to prevent future infection. Judging from conversations people have had with the manufacturer's support desk, it appears there was a remotely exploitable hole in the firmware, perhaps down to the operating system level, which was fixed in November.