10 March 2021, 3:23 am EST
Crypto-mining malware continues its attack on Network-Attached Storage (NAS)
The NAS devices in question are products of QNAP, a popular Taiwanese storage manufacturer. A NAS is similar to an external storage device and can be expanded up to 16 terabytes.
Researchers at Qihoo 360's Network Security Research Lab (360 Netlab) first discovered the malware.
The attack happens in two segments. The attacker gains control of the QNAP device and runs arbitrary commands.
360 Netlab reported on March 2, 2021, on attacks against QNAP NAS devices via an unauthorized remote command execution vulnerability, in which the attackers gain privileges on the device, similar to admin rights, and perform malicious mining activities.
Z0Miner struck last year when Tencent Security tracked the malware exploiting two WebLogic pre-auth RCE bugs tracked as CVE-2020-14882 and CVE-2020-14883. At the time, the team of security analysts estimated the miner compromised around 5,000 servers by sending carefully constructed data packets to the vulnerable systems. The malware also moved laterally via SSH.
Before that, Oracle had already issued a security bulletin warning of vulnerabilities in WebLogic components. At the time, research from cyber security company Rapid7 said the flaw was “trivial to exploit.”
Researchers said the malware has since changed to look for and infect systems by exploiting remote command execution vulnerabilities in Elasticsearch and Jenkins.