IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

QNAP urges users to secure against Dovecat crypto-mining malware

The Monero-mining malware doesn't steal data but consumes large amounts of CPU and memory

QNAP has warned its customers that their network-attached storage (NAS) drives might be susceptible to infection by a malware strain known as Dovecat, which infects devices and silently mines cryptocurrency.

The firm has issued a security advisory warning its users about Dovecat, which might infect NAS devices when they’re connected to the internet with weak passwords, according to QNAP’s analysis. 

Reports of Dovecat infecting QNAP devices have been circulating for a few months, with security researcher Matthew Ruffell publishing a breakdown of the strain in October 2020. In this analysis, Ruffell revealed that Dovecat consumes a large amount of CPU and most of the system’s memory to mine Monero, slowing down the machine. 

He added the executable itself isn’t dangerous, in that it doesn’t steal data. All it does is consume computing resources for financial gain in the form of Monero. It can easily be removed by terminating the process and deleting the executable.

QNAP has advised its users to update its Linux-based operating system QTS on NAS drives to the latest version, install the latest version of its recommended antivirus software and install a firewall. Customers should also enable network access protection to protect accounts from brute force attacks, and use stronger passwords for database administrators.

Users should disable SSH and Telnet services if these aren’t in use, as well as disabling any unused services and apps. Finally, using default port numbers including 80, 443, 8080 and 8081 should be avoided.

The company said these measures will make it harder for Dovecat to enter NAS devices, with its Product Security Incident Response Team (PSIRT) working to develop a fix that’ll remove the malware from infected drives.

This is the latest threat faced by QNAP customers, after research published in July 2020 found that tends of thousands of NAS drives are potentially vulnerable to malware that prevents administrators from applying patches.

Although the QSnatch malware, also known as ‘Derek’, is no longer active, the National Cyber Security Centre (NCSC) and US Cybersecurity and Infrastructure Security Agency (CISA) suggested many devices across the world may still be infected.

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

Hackers could use new Wslink malware in highly targeted cyber attacks
malware

Hackers could use new Wslink malware in highly targeted cyber attacks

1 Nov 2021
FBI raids Chinese POS business following cyber attack claims
malware

FBI raids Chinese POS business following cyber attack claims

27 Oct 2021
Malware developers create malformed code signatures to avoid detection
malware

Malware developers create malformed code signatures to avoid detection

24 Sep 2021
New malware uses search engine ads to target pirate gamers
malware

New malware uses search engine ads to target pirate gamers

21 Jul 2021

Most Popular

Open source packages with millions of installs hacked to harvest AWS credentials
hacking

Open source packages with millions of installs hacked to harvest AWS credentials

24 May 2022
Europe's first autonomous petrol station opens in Lisbon
automation

Europe's first autonomous petrol station opens in Lisbon

23 May 2022
Nvidia pauses hiring to help cope with inflation
Careers & training

Nvidia pauses hiring to help cope with inflation

23 May 2022