Taiwanese storage maker QNAP has warned users of a malware strain that consumes large amounts of CPU and memory to mine cryptocurrency without the owner’s consent. Reports of the Dovecat malware infecting QNAP devices have been circulating for a few months now, but a new one security advisory has only just been released by the manufacturer.
QNAP Network Attached Storage (NAS) devices appear to be at risk of infection if protected by weak user passwords. The Dovecat malware can run on any Linux device, but appears to be specifically designed to infect QNAP NAS devices.
While malware is more commonly associated with credential theft or disruption of essential functions, a new type of bitcoin miner malware has recently grown in popularity as the value of cryptocurrencies has risen. The number of sightings of malware for crypto mining even increased by 53% in the fourth quarter of last year.
In response to Dovecat’s discovery, QNAP provided detailed advice to users on how best to minimize the risk of contamination. This includes updating QTS to the latest version, installing a firewall, avoiding default port numbers, and following Best practices for NAS security.
QNAP users initially noticed that something was not quite right with their NAS device when they saw two processes, Dovecat and dedpma, which were constantly running and consuming large amounts of resources. The company published a support post in November confirming that the two processes were related to bitcoin mining malware.
The Dovecat infection is not the first time that QNAP has been targeted by a malware campaign. Previously, the storage company had to warn users about the QSnatch malware and multiple ransomware attempts.
Through Bleep computer