Mrs. Christiana Kozakou is the Head of Marketing at Odyssey Cybersecurity, where she leads and oversees strategic marketing efforts for the Odyssey and ClearSkies brands around the globe. Her expertise lies in designing and coordinating 360-degree marketing campaigns and crafting effective marketing penetration strategies for exploring new markets. Mrs. Kozakou is a dynamic professional driven by her passion for unleashing potential in every endeavour, leading a team of creative marketers, working together towards one goal: to give voice to Odyssey and its people so the world can become a cyber safer place. Throughout her 10-year career, Mrs. Kozakou has served in key roles in Advertising, Business Development and Digital Marketing in international companies. A fervent believer in empowering women, she served as a dedicated volunteer for IWIB’s International Team, fostering growth and opportunities for aspiring leaders. Her educational background boasts a Master of Business Administration (MBA) and Bachelor’s degrees in Marketing and Sociology.
New Massive Ongoing Campaign Spreading The QSnatch Data-Stealing Malware To QNAP Devices
Threat Level Description
Threat Level: High - An attack is highly likely. Additional and sustainable protective security measures reflecting the broad nature of the threat combined with specific business and geographical vulnerabilities and judgments on acceptable risk.
We have observed that a new massive ongoing campaign that spreads the “QSnatch” data-stealing malware to Taiwanese QNAP network-attached storage (NAS) appliances has been identified.
The data-stealing malware, named “QSnatch”, targets QNAP NAS devices and has already compromised more than 62,000 devices.
QNAP Systems, Inc. is a Taiwanese corporation that specializes in network-attached storage appliances used for file sharing, virtualization, storage management and surveillance applications.
The latest version of “QSnatch” comes with a broad range of features, including a CGI password logger that uses a fake admin login screen to capture passwords, a credential scraper, an SSH backdoor and web shell functionality to access the device remotely.
Once a device has been infected, attackers could prevent administrators from successfully running firmware updates.
Note that the original infection method remains unknown, but during the infection phase, malicious code is injected into the firmware of the target system. The code then runs as part of normal operations within the device. As a result, the device is considered compromised.
Furthermore, “QSnatch” uses domain generation algorithms to retrieve more malicious code from C2 servers. The retrieval method is “HTTP GET https://
The malware can be removed from an infected device by performing a full factory reset (effectively destroying all stored data within the device).
After cleansing the device, further steps are required:
• Change all passwords for all accounts on the device
• Remove unknown user accounts from the device
• Make sure the device firmware is up-to-date and all of the applications are also updated
• Remove unknown or unused applications from the device
• Install QNAP MalwareRemover application via the App Center functionality
• Set an access control list for the device (Control panel -> Security -> Security level)
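For the account-review step above, one way to spot unknown accounts is to compare the device's account list against an approved baseline. This is an added example, not code from this advisory or from QNAP; it assumes a passwd-format account file exported from the device and a hypothetical baseline file with one approved account name per line, and all sample data is constructed.

```shell
#!/bin/sh
# Added example: flag local accounts that are not on an approved baseline.
# File names, account names and the baseline are constructed for illustration.

# audit_accounts PASSWD_FILE BASELINE_FILE
# Prints one line per account that is absent from the baseline:
#   <name> uid=<uid> shell=<shell> <severity>
# severity is HIGH for UID 0 or an interactive shell, otherwise REVIEW.
audit_accounts() {
    awk -F: '
        # First file: approved names, one per line (comments/blank lines skipped).
        FILENAME == ARGV[1] { if ($0 !~ /^[ \t]*(#|$)/) known[$1] = 1; next }
        /^[ \t]*(#|$)/ { next }
        # A passwd entry needs seven fields; anything shorter is suspicious.
        NF < 7 { printf "%s malformed-entry HIGH\n", $1; next }
        !($1 in known) {
            sev = "REVIEW"
            # Root-equivalent UID, or a shell that allows login (empty = default).
            if ($3 == 0 || $7 !~ /(nologin|false)$/) sev = "HIGH"
            printf "%s uid=%s shell=%s %s\n", $1, $3, $7, sev
        }
    ' "$2" "$1"
}

# Constructed sample data (not taken from a real device).
write_sample() {
    cat > "$1/passwd" <<'EOF'
admin:x:0:0:administrator:/share/homes/admin:/bin/sh
guest:x:65534:65534:guest:/tmp:/bin/false
httpdusr:x:99:0:web server:/tmp:/bin/false
backup:x:1001:100:backup operator:/share/homes/backup:/bin/sh
svc_sync:x:0:0::/root:/bin/sh
printq:x:1002:100::/tmp:/sbin/nologin
EOF
    printf '%s\n' '# approved accounts' admin guest httpdusr backup > "$1/baseline"
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
audit_accounts "$demo_dir/passwd" "$demo_dir/baseline"
rm -rf "$demo_dir"
```

Accounts reported as HIGH (a second UID 0 account, or an unapproved account with a login shell) deserve attention first; keep the baseline file off the device so that it cannot be altered along with the account list.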
Furthermore, it is recommended to follow QNAP's security advisory to prevent the infection (“https://www.qnap.com/en/security-advisory/nas-201911-01”).
You should understand the importance of security updates, and the urgency with which they should be applied, no matter how large or small your organization is. It is very important to apply an efficient patch management solution, to keep active security event logging enabled at all times, and to practice event monitoring. Protecting the valuable assets of your business and staying compliant with the relevant industry regulations requires a comprehensive approach to the management of risk, including penetration testing at least annually and upon significant changes.