The recent discovery of PG_MEM malware targeting PostgreSQL servers is both concerning and instructive. The recurring pattern of cryptojacking campaigns against these databases is a clear sign of how resilient and adaptable this class of threat is.
Investigators from Aqua Nautilus recently discovered a fresh type of malicious software, which specifically attacks PostgreSQL servers in order to install cryptocurrency mining programs.
The security company identified approximately 800,000 servers that might be susceptible to a cryptocurrency mining attack focused on PostgreSQL, a widely used open-source database system that handles data storage, management, and retrieval for numerous applications.
According to a research report recently shared with crypto.news, the so-called “PG_MEM” malware begins by launching a brute-force attack against PostgreSQL databases, successfully penetrating databases protected by weak passwords.
Once the malware gains entry, it creates a high-privilege user account with administrative rights, giving it complete control over the database and locking other users out. With this control, the malware runs shell commands on the host machine, which allows it to download and install further malicious payloads.
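The sequence described above (a burst of failed logins, then a successful login and the creation of a privileged role from the same source) is something a defender can hunt for in PostgreSQL server logs. The following detection script is an added example, not code from the Aqua Nautilus report; it assumes a `log_line_prefix` that records user, database and client host, and the log lines it parses are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed log_line_prefix layout of
# '%m [%p] %u@%d %h '. These are illustrative, not real PG_MEM artifacts.
SAMPLE_LOG = """\
2024-08-21 15:20:01 UTC [1201] postgres@postgres 203.0.113.5 FATAL:  password authentication failed for user "postgres"
2024-08-21 15:20:02 UTC [1202] postgres@postgres 203.0.113.5 FATAL:  password authentication failed for user "postgres"
2024-08-21 15:20:03 UTC [1203] postgres@postgres 203.0.113.5 FATAL:  password authentication failed for user "postgres"
2024-08-21 15:20:04 UTC [1204] postgres@postgres 203.0.113.5 FATAL:  password authentication failed for user "postgres"
2024-08-21 15:20:05 UTC [1205] postgres@postgres 203.0.113.5 FATAL:  password authentication failed for user "postgres"
2024-08-21 15:20:09 UTC [1210] postgres@postgres 203.0.113.5 LOG:  connection authorized: user=postgres database=postgres
2024-08-21 15:20:10 UTC [1210] postgres@postgres 203.0.113.5 LOG:  statement: CREATE ROLE svc_backup WITH SUPERUSER LOGIN PASSWORD 'x'
2024-08-21 15:21:00 UTC [1300] app@appdb 10.0.0.7 LOG:  connection authorized: user=app database=appdb
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ \[\d+\] "
    r"(?P<user>[^@\s]+)@(?P<db>\S+) (?P<host>\S+) (?P<level>[A-Z]+):\s+(?P<msg>.*)$"
)
# Role changes that grant superuser (requires log_statement covering DDL).
SUPERUSER_RE = re.compile(r"\b(CREATE|ALTER)\s+(ROLE|USER)\b.*\bSUPERUSER\b", re.IGNORECASE)

def detect(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return (host, reason, recent_failures) alerts for a source host whose
    failed-login burst is followed by a successful login, and for any
    superuser role creation/alteration, from the same host."""
    failures = defaultdict(list)  # host -> timestamps of password failures
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        host, msg = m["host"], m["msg"]
        if m["level"] == "FATAL" and "password authentication failed" in msg:
            failures[host].append(ts)
            continue
        recent = [t for t in failures[host] if ts - t <= window]
        if msg.startswith("connection authorized") and len(recent) >= threshold:
            alerts.append((host, "login after brute-force burst", len(recent)))
        if msg.startswith("statement:") and SUPERUSER_RE.search(msg):
            alerts.append((host, "superuser role created/altered", len(recent)))
    return alerts
```

Running `detect(SAMPLE_LOG)` flags 203.0.113.5 twice (successful login after five failures, then a SUPERUSER role creation) and stays silent on the ordinary application login from 10.0.0.7.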
According to the report, the payload contains two files intended to help the malware evade detection, prepare the system for cryptocurrency mining, and launch the XMRIG tool, which is used to mine Monero (XMR).
XMRIG is frequently employed by malicious actors because of Monero’s difficult-to-track transactions. In a cryptojacking attack last year, an educational platform was breached, and the attackers secretly planted a script that installed XMRIG on every visitor’s device.
Malware hijacks PostgreSQL servers to deploy crypto miners
Researchers discovered that the malware deletes the server’s existing scheduled tasks (cron jobs, which run automatically at set intervals) and then installs new ones to ensure the cryptocurrency miner keeps running continuously.
This mechanism lets the malware persist whether the server is rebooted or its processes are temporarily killed. To avoid detection, it systematically erases files and logs that could reveal its presence on the server, keeping it under the radar.
Researchers have cautioned that although the main objective of the campaign is to install a cryptocurrency miner, it’s crucial to note that the attackers additionally seize command over the compromised server, emphasizing the gravity of this situation.
Over the years, there have been frequent instances of cyberattacks known as cryptojacking that specifically target PostgreSQL databases. For instance, researchers from Palo Alto Networks’ Unit 42 found a similar cryptojacking campaign in 2020, using the PgMiner botnet. Similarly, back in 2018, the StickyDB botnet was uncovered, and it too had infiltrated servers to mine Monero.
2024-08-21 15:24