In October 2019, SecurityScorecard’s Threat Intelligence team discovered QSnatch, a malware targeting Quality Network Appliance Provider (QNAP) Network Attached Storage (NAS) systems. A NAS is a dedicated file storage server providing data access to heterogeneous clients. A business might use such a server for storing the data in a single place and providing access to the data to its employees, clients, partners. The NAS provided by QNAP Systems, Inc. runs a Linux-based operating system called QTS.
This report details a technical analysis of the malware, details of the discovery, a timeline of QSnatch’s history, and data and indicators of compromise (IoC) about the infected systems. This report provides information for both technical users and business users, supporting SecurityScorecard’s commitment to giving organizations a common language for discussing security threats.