German computer emergency team, CERT-Bund announced that on Thursday approximately 7,000 QNAP NAS devices were infected and most of them were used in Germany.
Devices with old software had vulnerabilities and were easy to be infected. The scammers worked remotely connecting to QNAP through port forwarding.
The National Cyber Security Centre of Finland (NCSC-FI) reported about the attack. The experts of the department noticed the suspiciously large number of gadgets trying to contact a particular server.
The core malware was detected by Autoreporter of NCSC-FI, which automatically alerts security center about any incidents in the networks. Attackers injected a harmful code to control the device and get access to the firmware. Later it launches algorithm of domains activation and retrieves a wide range of malware programs, making a web request. After that, it deactivates the security tools on the device, and all the credentials become unprotected.
This virus can be removed, but treatment is not that simple. The update of firmware or Malware Remover program can fix problems, but QNAP is still working on solutions. QNAP also recommend victims to delete and reset all account passwords and keep up with security alerts with instructions.