Synology NAS devices are being attacked by a stealthworker botnet, according to security researchers. The botnet is using Synology NAS devices to spread malware and collect data. The malware can be used to steal user data, including personal information and credit card numbers. The stealthworker botnet is active in Europe and the United States, and has been reported in Poland, Romania, Hungary, Slovakia, Slovenia, Latvia and Estonia. It is not yet clear how the botnet was able to infect Synology NAS devices. Synology has released a statement saying that it is aware of the attack and is working to fix the issue. The company recommends that users update their firmware if they have any concerns about their NAS devices being affected by this attack.
What’s Happening With Synology and StealthWorker?
According to Synology’s Product Security Incident Response Team and reported by Bleeping Computer, the company has seen an increase in brute-force attacks against Synology devices. It believes that the StealthWorker malware is primarily responsible for the recent attacks.
Computers infected with StealthWorker are connected to a botnet that will perform brute-force attacks.
The company says that the attacks are based on a number of devices infected with the StealthWorker malware. The StealthWorker malware is using these machines to try and guess common administrative credentials. If it succeeds, it will install its malicious payload, which could include ransomware.
From there, additional attacks could occur on other Linux-based devices, including Synology NAS products.
Synology was quick to point out that it “has seen no indication of the malware exploiting any software vulnerabilities.” Meaning, there isn’t a software hole left by the company that’s being exploited, but rather, it’s the existing infections causing the problems.
RELATED: The Best NAS (Network Attached Storage) Devices of 2022
How Can You Stay Safe?
If you use a Synology NAS device, staying safe from these attacks is relatively easy. The company recommends that all users check their system for weak administrative credentials and change them if necessary. This applies to both residential users and system administrators. Synology also recommends enabling auto block and account protection. Finally, you should set up multi-step authentication when possible.
If you’ve found any evidence of suspicious activity on your devices, you can reach out to Synology support for help.