QNAP Warns NAS Users of dovecat Malware Attacks

22 January 2021

QNAP Warns NAS Users of dovecat Malware Attacks

QNAP this week warned users of attacks targeting QNAP NAS (network-attached storage) devices with a piece of malware named “dovecat.”

The networking and storage solutions provider says it has received reports from users who had their devices infected with the malware, and, after analyzing the attacks, discovered that the use of weak passwords on Internet-connected devices was the root cause of infection.

The cybercriminals behind dovecat, QNAP explains, are installing Bitcoin miners on the compromised NAS devices, without user consent.

In a November 2020 knowledgebase article, the company pointed out that users of any NAS model series can detect potential compromise by looking for a dovecat process running on their devices.

At the time, the company also encouraged users to report all identified infections, and to ensure that they are running the latest versions of the NAS firmware and Malware Remover.

This week, the company also urged users to update the QTS operating system to the latest version, install Security Counselor and execute it with Intermediate Security Policy (or above), install a firewall, and enable Network Access Protection, so that accounts are protected from brute force attacks.

Furthermore, users should make sure that strong administrative passwords are set on their devices, and that any SSH and Telnet services that are not in use are disabled, along with any other unused services and apps.

QNAP also tells users they should avoid using default port numbers (such as 80, 443, 8080, and 8081), and encourages them to enhance the security of their NAS devices by following best practices that the company has already detailed.

“These actions can further enhance NAS security and make it harder for dovecat to enter your QNAP NAS,” the company says, adding that it is focused on developing a solution that will help users remove the dovecat malware from the infected devices.