Screenshot: David Murphy (QNAP)

I’m going to go ahead and pat myself on the back for setting up a Google Alert for the words “Qnap” and “malware.” I use one of the company’s NAS boxes, as do many others, and now I have a chance to inoculate my device against a nasty new strain of malware that’s making the rounds.




QSnatch, as the malware is known, injects code into the firmware of your QNAP NAS box, which then has the power to call out to a command-and-control (C2) server to dump additional code onto your device. Ultimately, writes the Finnish National Cyber Security Centre, QSnatch can perform the following:

Operating system timed jobs and scripts are modified (cronjob, init scripts)

Firmware updates are prevented via overwriting update sources completely

QNAP MalwareRemover App is prevented from being run

All usernames and passwords related to the device are retrieved and sent to the C2 server

The malware has modular capacity to load new features from the C2 servers for further activities

Call-home activity to the C2 servers is set to run with set intervals

In other words, your NAS box is basically hosed.

How can you prevent this? Fire up your NAS box, log into the web-based interface (which you can do, easy-mode, by installing Qfinder Pro), and update your device’s firmware. You’ll likely be prompted to do so, if an update is available, as soon as you log in. If not, there will be an option to check for updates within your NAS box’s Settings screen:

Screenshot: David Murphy


I’d click that just to make sure you’re running the latest version of QNAP’s firmware for your device. However, your NAS box might be old, like mine, and not have that update. Ugh. In that case, there are a few other steps you can try.

First, make sure you’re using the latest version of QNAP’s Security Counselor—if applicable. Pull up your NAS box’s “App Center.” If Security Counselor is installed, you should be able to update it; if not, you should be able to find it and install it. Either way, open up the latest version of the app and run a full scan on your system.

It’s possible your older NAS box might not be able to run Security Counselor. If so, let’s continue. You should also be able to install and run the “Malware Remover” app from the Security section of QNAP’s App Center. That’s at least a great way to remove QSnatch from your NAS box (even if nobody yet knows how it infects NAS boxes in the first place). Make sure you’re running version “3.5.4.0” or “4.5.4.0” of the app, advises QNAP, to make sure it can detect and eliminate QSnatch.

QNAP also advises that you enable “IP and account access protection,” disable SSH and Telnet if you aren’t using these connections, and don’t use default port numbers on your NAS box—all settings you can easily change via QNAP’s helpful instructions.
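One way to check the settings advice above from another computer on your own network. This is an added example, not code from QNAP or from this article, and every port number in it is an assumption to adjust for your model and firmware.

```python
"""Audit a NAS from another machine on the LAN against the hardening advice above."""
import socket
import sys

# Assumed defaults, not taken from the article: adjust for your model and firmware.
DEFAULT_PORTS = {
    22: "SSH (standard port)",
    23: "Telnet (standard port)",
    13131: "Telnet (assumed QNAP default)",
    8080: "web admin over HTTP (assumed QNAP default)",
    443: "web admin over HTTPS (assumed QNAP default)",
}


def port_open(host, port, timeout=1.5):
    """Return True if a full TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable or timed out
        return False


def audit(host, ports=DEFAULT_PORTS, timeout=1.5):
    """Return (port, service, advice) for every listed port that answers."""
    findings = []
    for port, service in sorted(ports.items()):
        if not port_open(host, port, timeout):
            continue
        if "SSH" in service or "Telnet" in service:
            advice = "disable the service if you do not use it"
        else:
            advice = "move the service off its default port"
        findings.append((port, service, advice))
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: nas_audit.py <address of your own NAS>")
    results = audit(sys.argv[1])
    for port, service, advice in results:
        print(f"{port:>5} open  {service}: {advice}")
    if not results:
        print("None of the listed default ports answered.")
    sys.exit(1 if results else 0)
```

Run it again after changing the settings; an empty result means none of the listed ports accepted a connection, not that the NAS is clean.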


Otherwise, if none of these solutions help—and you find your system infected—a full factory reset should clear the malware out. Don’t forget to back up your data elsewhere before you wipe everything.