Hackers Target QNAP NAS Devices with Crypto-Mining Malware

If you have a QNAP network-attached storage drive, you need to go and patch it now. Earlier in March 2020, security researchers at Qihoo's 360 Netlab identified a vulnerability in QNAP NAS devices under active exploitation.

Patch Your QNAP NAS

Attackers are attempting to take control of QNAP NAS hardware to install cryptocurrency mining malware, which mines cryptocurrency on behalf of the attacker.

The research team at 360 Netlab believes there are over 4 million vulnerable QNAP NAS devices online with over 950,000 unique IP addresses, all mapped using Qihoo's Quake mapping system.

The issue stems from two remote command execution vulnerabilities which, when exploited, allow the attacker to gain root privilege on the compromised NAS. Once an attacker has root access, they can do almost anything they want on the machine.

Although the vulnerabilities are serious, the research team has not made its exploit proof-of-concept public nor released any technical details relating to the vulnerabilities, giving affected QNAP users time to patch their hardware.

Any QNAP NAS device with firmware installed before August 2020 is currently vulnerable to the exploit, covering around 100 different versions of QNAP's NAS firmware. The Qihoo 360 Netlab blog post describes the crypto-mining malware in more detail, including every firmware version currently affected.



QNAP NAS users should head to the QNAP patch page, download the latest patches, and install them as soon as possible. While QNAP hasn't yet made a direct response to Qihoo's revelations regarding the vulnerability, this is the most recent patch available for the hardware.

QNAP NAS Boxes Previously Targeted

This isn't the first time QNAP's NAS hardware has been targeted.

In December 2020, QNAP issued a warning regarding two high-severity cross-site scripting bugs that allowed an attacker remote access. Before that, in September 2020, QNAP users were hit by the AgeLocker ransomware, which infected thousands of publicly exposed QNAP NAS devices.



Yet another ransomware variant also specifically targeted QNAP NAS devices, the big giveaway being the name: QNAPCrypt. That said, the QNAPCrypt ransomware also targeted other NAS providers, such as Synology, Seagate, and Netgear.

For the time being, QNAP users should head to the previously linked patch page and follow the instructions to protect online devices.








About The Author

Gavin Phillips


Gavin is the Junior Editor for Windows and Technology Explained, a regular contributor to the Really Useful Podcast, and a regular product reviewer. He has a BA (Hons) Contemporary Writing with Digital Art Practices pillaged from the hills of Devon, as well as over a decade of professional writing experience. He enjoys copious amounts of tea, board games, and football.
