Name of Malware: Qsnatch

Type of Malware: Trojan, backdoor

Affected Operating System: Linux

Affected Device Types: NAS devices

Impact: medium

What is Qsnatch?

Qsnatch is a trojan for Linux devices that primarily attacks network drives manufactured by QNAP.

Its functions include stealing access data and opening backdoors to infected devices.

Through this backdoor, the attacker can gain access to the system and perform other actions. The malware is capable of a wide range of attack types, from information theft to downloading other malware.

How did I get infected with Qsnatch?

The exact mode of infection is not yet known.

What do I have to do now?

As the malware Qsnatch takes full control of the system and often hides your files, you may need to reformat/reinstall your operating system.

Further information on removing this malware can be found under Removing infections from PCs, laptops etc.

View the advisory*: https://www.qnap.com/de-de/security-advisory/nas-201911-01

* This link to a third-party website ("third-party content") was accurate, to the best of the BSI's knowledge, on the date the link was created and is intended solely to provide access to "third-party content". We believe that the originator of this third-party content is trustworthy. However, the BSI has not checked or verified this third-party content. This also applies to any other third-party content that can be accessed or may be accessible via the link. For this reason, the BSI explicitly distances itself from any ownership of or responsibility for third-party content on third-party websites linked on the BSI website. The BSI cannot guarantee that such third-party content is complete, accurate, fit for a specific purpose or legally compliant.

Technical specifications

Further information on this malware can be found on the website of our project partner Fraunhofer FKIE.