How to determine if the running process [oom_reaper] is normal system process?

最后修订日期: 2022-06-24

Applicable Products:

Security

A bitcoin miner has been reported to target QNAP NAS. Once a NAS is infected, CPU usage becomes unusually high where a process named "[oom_reaper]" could occupy around 50% of the total CPU usage. This process mimics a kernel process but its PID is usually greater than 1000.

You can check the PID by the procedures below.

Run ssh access to the NAS.
Run ps | grep oom_reaper and check the output.
In the following output example, 580 is the PID of [oom_reaper]
- if the PID < 1000, the process is a normal system process.
- if the PID > 1000, follow the instructions below.
  1. Update QTS or QuTS hero to the latest version.
  2. Install and update Malware Remover to the latest version.
  3. Use stronger passwords for your administrator and other user accounts.
  4. Update all installed applications to their latest versions.
  5. Do not expose your NAS to the internet, or avoid using default system port numbers 443 and 8080.

NAS

网通

监控

Applicable Products: