Dovecat Malware Description
A new crypto-mining malware strain has been leveraged against NAS (network-attached storage) devices made by the Taiwanese hardware vendor QNAP. Details about the operation were published by the company itself in a security advisory. QNAP first became aware of the campaign after customers discovered two suspicious processes named 'dovecot' and 'dedpma'. The processes ran constantly in the background and consumed a significant portion of the available resources.
After conducting an investigation into the issue, QNAP discovered the new malware strain and named it Dovecat. The Dovecat Malware appears to be designed to target QNAP's devices specifically. One example is the attempt to disguise one of the malware's processes by using a name similar to Dovecot, a legitimate email daemon distributed alongside QNAP's firmware and several Linux distros.
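One way to check a process listing for the names described above (an added example, not code from QNAP's advisory or from this article). The 50% CPU threshold, the edit-distance rule, and the sample listing, including the look-alike process name 'dovecat', are assumptions constructed for illustration.

```python
# Added example: triage a `ps -eo pid,pcpu,comm` style listing for the
# process names this page reports. Thresholds and sample data are assumptions.
LEGIT = "dovecot"        # legitimate mail daemon named on the page
REPORTED = "dedpma"      # second process name reported on the page
CPU_THRESHOLD = 50.0     # assumption: percent CPU treated as "significant"

# Constructed sample listing (not output from a real device).
SAMPLE_PS = """\
  PID %CPU COMMAND
  812  0.3 sshd
 1450 96.4 dovecat
 1451 91.8 dedpma
 2203  0.1 dovecot
 2290 88.0 dovecot
 3010 72.5 mysqld
"""

def edit_distance(a, b):
    """Levenshtein distance, used to catch names that imitate LEGIT."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(ps_text, threshold=CPU_THRESHOLD):
    """Return (pid, name, reason) for each process worth a closer look."""
    findings = []
    for line in ps_text.splitlines():
        parts = line.split(None, 2)
        try:
            pid, cpu, name = int(parts[0]), float(parts[1]), parts[2].strip()
        except (IndexError, ValueError):
            continue  # header row or malformed line
        if name == REPORTED:
            findings.append((pid, name, "reported name"))
        elif name != LEGIT and edit_distance(name.lower(), LEGIT) <= 1:
            findings.append((pid, name, "look-alike of dovecot"))
        elif name == LEGIT and cpu >= threshold:
            # The real daemon shares this name, so the name alone is not enough.
            findings.append((pid, name, "dovecot with high CPU"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_PS):
        print(finding)
```

A hit is a reason to inspect the binary's path and parent process, not proof of infection, since the genuine Dovecot daemon can legitimately appear in the listing.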
To spread itself, the Dovecat Malware abuses exposed systems that have weak passwords. As a result, even though the threat was built to focus on QNAP devices, it can easily infect a larger set of potential victims. Indeed, several reports detail Dovecat infections found on Synology NAS devices.
This operation is far from the first to target QNAP. On the contrary, it is just the latest in a growing list of malware threats attempting to infect the company's storage devices, such as the QSnatch malware, the eCh0raix Ransomware, the Muhstik Ransomware and the AgeLocker Ransomware.
The company's security advisory contains several suggestions that could help users better protect their devices against Dovecat attacks. At a minimum, users should replace the current admin and database administrator passwords with stronger ones.