Microsoft SQL Servers Infected by MrbMiner For Cryptojacking

Tencent's cybersecurity team has found a new malware group named MrbMiner that is targeting Microsoft SQL servers with weak credentials to install a cryptocurrency miner. So far, thousands of MSSQL servers have been hijacked, and researchers have also found two other malware variants targeting ARM and Linux based systems.

New Malware Infecting MSSQL Servers For Cryptojacking

Tencent's cybersecurity wing earlier documented new malware targeting Microsoft SQL servers, which it named MrbMiner after one of the domains hosting the malware. The authors of MrbMiner scan the internet for MSSQL servers and brute-force accounts with weak credentials to gain access.

After succeeding, they install an assm.exe file to set up a backdoor on the targeted system. This executable also gives them persistent access that survives hard reboots. Researchers said the hackers were creating rogue accounts with “Default” as the username and “@fg125kjnhn98” as the password, so they warn IT admins to look for an account with these credentials on their systems.

If one is found, the systems unfortunately need to be audited further. The servers were being hijacked for the common purpose of installing a cryptocurrency miner. Researchers said the authors of MrbMiner fetch their Monero (XMR) miner software from the hackers’ command and control (C2) server once the backdoor is set.
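A T-SQL audit for the account check described above, added here as an example and not taken from the Tencent report. It assumes the rogue account could exist as a SQL login or as a Windows login mapped into SQL Server (the page does not say which), and it also lists logins with a blank or name-equal password, the kind of weak credential the brute-forcing depends on.

```sql
-- Added example. Run with CONTROL SERVER (or sysadmin): the password_hash
-- column of sys.sql_logins is not readable by lower-privileged logins.

-- 1) SQL logins named "Default", or any login using the reported password.
--    Assumption: the rogue account may have been created as a SQL login.
SELECT l.name,
       l.create_date,
       l.modify_date,
       l.is_disabled,
       IS_SRVROLEMEMBER('sysadmin', l.name)             AS is_sysadmin,
       PWDCOMPARE(N'@fg125kjnhn98', l.password_hash)    AS has_reported_password
FROM sys.sql_logins AS l
WHERE l.name COLLATE Latin1_General_CI_AS = N'Default'
   OR PWDCOMPARE(N'@fg125kjnhn98', l.password_hash) = 1;

-- 2) Windows logins granted server access whose account name is exactly
--    "Default" (for example HOST\Default). The pattern does not match
--    HOST\DefaultAccount.
SELECT p.name,
       p.type_desc,
       p.create_date,
       IS_SRVROLEMEMBER('sysadmin', p.name) AS is_sysadmin
FROM sys.server_principals AS p
WHERE p.type = 'U'
  AND p.name COLLATE Latin1_General_CI_AS LIKE N'%\Default';

-- 3) Entry-vector audit: SQL logins with a blank password or a password
--    equal to the login name, plus whether password policy is enforced.
SELECT l.name,
       l.is_disabled,
       l.is_policy_checked,
       CASE WHEN PWDCOMPARE(N'', l.password_hash) = 1
            THEN 'blank password'
            ELSE 'password equals login name'
       END AS weakness
FROM sys.sql_logins AS l
WHERE PWDCOMPARE(N'', l.password_hash) = 1
   OR PWDCOMPARE(l.name, l.password_hash) = 1;
```

A local Windows account that was never granted SQL Server access will not appear in these results, so the host's local users need a separate check. The built-in Windows `DefaultAccount` is a different account name from `Default`.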

Once installed, the miner starts minting XMR coins for the hacker using the victim’s system resources. Upon tracing back, researchers found two more malware strains designed to infect systems based on Linux and ARM chips. While they haven’t been able to test that malware yet, they confirmed it is actively operating by taking a peek into the connected wallets.

The cryptocurrency wallet of the Linux-based malware has a balance of about 3.3 XMR, and the wallet connected to MrbMiner holds about 7 XMR. Though these amounts aren’t large, cryptojacking actors reportedly use several wallets to collect their funds, which add up to a big sum.
