Skip to main content

QNAP warns users of dangerous new Dovecat malware

Ransomware
(Image credit: Shutterstock)

Taiwanese storage manufacturer QNAP has warned users of a malware strain that consumes large amounts of CPU and memory to mine cryptocurrency without the owner’s consent. Reports of the Dovecat malware infecting QNAP devices have been circulating for a few months now but a new security advisory has only just been released by the manufacturer.

It seems that QNAP’s network-attached storage (NAS) devices are at risk of infection if they are protected by weak user passwords. The Dovecat malware is capable of running on any Linux device but appears to have been specifically designed to infect QNAP NAS devices.

Although malware may be more commonly associated with credential theft or disruption to essential features, a new type of bitcoin miner malware has increased in popularity of late as the value of cryptocurrencies has risen. In fact, sightings of crypto-mining malware rose by 53% in the fourth quarter of last year.

Mining malware

In response to the Dovecat discovery, QNAP has offered detailed advice for users regarding the best way of minimizing the risk of being infected. This includes updating QTS to the latest version, installing a firewall, avoiding default port numbers, and following NAS security best practices.

QNAP users initially noticed that something was not quite right with their NAS device when they spotted two processes, Dovecat and dedpma, running constantly and consuming large amounts of resources. The company issued a support post back in November confirming that the two processes were associated with bitcoin mining malware.

The Dovecat infection is not the first time that QNAP has been targeted by a malware campaign. Previously, the storage firm has had to warn users of the QSnatch malware and multiple ransomware attempts.

Via Bleeping Computer