Synology NAS Devices Under Attack From StealthWorker Botnet


Popular NAS maker Synology has warned its users that the StealthWorker botnet is targeting the devices made by the company. The ongoing brute-force attack could ultimately lead to ransomware infections on certain systems.

What’s Happening With Synology and StealthWorker?

According to Synology’s Product Security Incident Response Team, as reported by Bleeping Computer, the company has seen an increase in brute-force attacks against Synology devices. It believes that the StealthWorker malware is primarily responsible for the recent attacks.

Computers infected with StealthWorker are connected to a botnet that will perform brute-force attacks.

The company says that the attacks come from a number of devices already infected with the StealthWorker malware. StealthWorker uses these machines to try to guess common administrative credentials. If it succeeds, it will install its malicious payload, which could include ransomware.

From there, additional attacks could occur on other Linux-based devices, including Synology NAS products.

Synology was quick to point out that it “has seen no indication of the malware exploiting any software vulnerabilities.” In other words, there isn’t a software hole left by the company that’s being exploited; rather, it’s the existing infections causing the problems.

How Can You Stay Safe?

If you use a Synology NAS device, staying safe from these attacks is relatively easy. The company recommends that all users check their system for weak administrative credentials and change them if necessary. This applies to both residential users and system administrators. Synology also recommends enabling auto block and account protection. Finally, you should set up multi-step authentication when possible.
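The sketch below is an added example, not code from Synology or the original article. It shows why a per-source block and per-account protection are worth enabling together against a botnet: a single noisy host trips the per-IP counter, while guesses spread across many infected hosts only show up per account. The thresholds, event format, addresses, and the simplified per-account counter are all assumptions made for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration only; not Synology's defaults.
IP_MAX_FAILS = 5       # failures from one source IP inside the window
ACCT_MAX_FAILS = 5     # failures against one account inside the window
WINDOW_SECONDS = 300

def build_sample_events():
    """Constructed events: (unix_time, source_ip, account, login_succeeded)."""
    events = []
    # One noisy host trying six different accounts in one minute.
    for i, acct in enumerate(["root", "user", "guest", "test", "nas", "backup"]):
        events.append((i * 10, "203.0.113.9", acct, False))
    # Six botnet members, one guess each, all against "admin".
    for i in range(6):
        events.append((1000 + i * 20, f"198.51.100.{i + 1}", "admin", False))
    # A legitimate successful login, which must not count.
    events.append((1200, "192.0.2.10", "admin", True))
    return events

def evaluate(events, ip_max=IP_MAX_FAILS, acct_max=ACCT_MAX_FAILS,
             window=WINDOW_SECONDS):
    """Replay login events; return (blocked_ips, protected_accounts)."""
    by_ip, by_acct = defaultdict(deque), defaultdict(deque)
    blocked, protected = set(), set()
    for ts, ip, account, ok in sorted(events):
        if ok or ip in blocked:
            continue  # successes are ignored; blocked sources are dropped
        checks = ((ip, by_ip, ip_max, blocked),
                  (account, by_acct, acct_max, protected))
        for key, table, limit, flagged in checks:
            recent = table[key]
            recent.append(ts)
            while recent[0] <= ts - window:   # expire entries outside the window
                recent.popleft()
            if len(recent) >= limit:
                flagged.add(key)
    return blocked, protected

if __name__ == "__main__":
    blocked, protected = evaluate(build_sample_events())
    print("blocked source IPs:", sorted(blocked))
    print("protected accounts:", sorted(protected))
```

In the constructed data no botnet address is ever blocked, because each one makes a single guess; only the per-account counter notices the distributed attempt against `admin`.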

If you’ve found any evidence of suspicious activity on your devices, you can reach out to Synology support for help.