Skip to main content

QNAP warns users of a new crypto-miner named Dovecat infecting their devices

 


QNAP says the malware is targeting NAS devices with weak passwords.

Taiwanese hardware vendor QNAP has published a security advisory today warning customers of a new malware strain named Dovecat that is currently targeting its line of network-attached storage (NAS) devices to abuse local resources and mine cryptocurrency behind users' backs.

The company said the malware is currently spreading by connecting to QNAP NAS systems left exposed online using weak passwords.

Today's security advisory comes after the company began receiving reports from its users last year about two unknown processes —named dovecat [12] and dedpma— that were running non-stop and consuming the device's memory.

dovecat-process.png

Matthew Ruffell, a Canonical software engineer and the founder of Dapper Linux, analyzed the malware last year when it found it on an Ubuntu system.

According to his analysis, the malware was capable of infecting any Linux system but appeared to have been specifically designed for the internal structure of QNAP NAS devices.

The use of the "dovecat" process name wasn't accidental either, as the malware tried to pass as Dovecot, a legitimate email daemon that ships with the QNAP firmware and many Linux distros.

But as Ruffell pointed out, Dovecat attacks were indiscriminate. Similar infections were also reported by users of Synology NAS devices, where the malware also appeared to have managed to run without problems.

Since the infection vector was linked to weak passwords, to prevent infections with this new threat, QNAP told users to:

  • Use stronger admin passwords.
  • Use stronger passwords for database administrators.
  • Disable SSH and Telnet services if not in use.
  • Disable unused services and apps.
  • Avoid using default port numbers (80, 443, 8080 and 8081).
  • Update QTS to the latest version.
  • Install the latest version of Malware Remover.
  • Install Security Counselor and run with Intermediate Security Policy (or above).
  • Install a firewall.
  • Enable Network Access Protection to protect accounts from brute force attacks.
  • Follow best practices for enhancing NAS security.

But in the grand scheme of things, Dovecat is not the first malware strain to target QNAP devices. 

QNAP storage systems were also previously targeted by the Muhstik ransomware, the QSnatch malware, the ec0raix ransomware, and the AgeLocker ransomware.

Source: zdnet.com


PS. In our blog pages we got hidden links where you can earn cryptocurrency for free.

Comments

Post a Comment

Contact us

Name

Email *

Message *

Popular posts from this blog

For my haters

₿  This is for people who told me to not put my money in Bitcoin 10 years ago 😂 RIP doubters and haters. #Bitcoin 💀 pic.twitter.com/sbuDljJtMv — Carl ₿ MENGER ⚡️🇸🇻 (@CarlBMenger) May 13, 2025
Post a Comment
Read more

Coinbase to Require Recipient Information for Crypto Transfers From Users in Canada, Singapore and Japan

  Customers in those countries who send crypto outside their Coinbase accounts must provide recipients’ names, addresses and in some cases, additional information, as of early April. Cryptocurrency exchange Coinbase Global (COIN) will soon require its customers in Canada, Japan and Singapore who send cryptocurrency to another financial institution or exchange to provide the name, address and in the case of Japan, the destination wallet of the recipient. Coinbase has been sending notices to its customers in those countries that the changes will take effect in early April in order to comply with local travel rules in those places. Coinbase didn't immediately respond to requests for additional comment on the moves, but confirmed that they were taking place. The move  does not seem to be going over well  with Coinbase customers in those countries, who value the anonymity of transactions using cryptocurrency. According to a  FAQ provided by Coinbase , for Canadian users, ...
Post a Comment
Read more

Jupiter plugin on your site

 Jupiter launches Jupiter Plugin , a customizable plugin that doesn't require RPC. PANews reported on August 7th that Jupiter announced the launch of the Jupiter Plugin.  This is an open-source, lightweight, plug-and-play version of Jupiter that allows users to seamlessly integrate end-to-end swap functionality into their applications with minimal effort.  Users can deploy it by simply adding a few lines of code.  Seamless Integration Embed Jupiter's Swap functionality directly into your application without redirection.  Multiple display options: Choose between integrated, widget or modal display modes.  Customizable options: Configure the exchange form to suit your application needs.  No RPC: Plugins can be integrated without any RPC, Ultra is responsible for handling transaction sending, wallet balance and token information.  Ultra Mode: Access all Ultra Mode features. Enjoy!
Post a Comment
Read more