Do you have any sort of external access enabled on your NAS (qBittorrent included)? Based on the behavior and neofusion’s comment it almost certainly is a crypto-miner.
Try to determine possible ways it got there, ensure any form of remote access is secured, check for possible persistence (.zshrc is a common one along with cron jobs, check for any new SSH keys, check for any new local accounts, etc).
Honestly I would reinstall just in-case as well. It’s easy (just export and reimport configuration on a new install) and is definitely easier than going over everything with a fine-tooth comb. A lot of these types of malware aren’t particularly sophisticated and involve just dropping a crytpominer, adding some form of reboot persistence, and nothing else.