• Attackers are infecting internet-exposed PostgreSQL databases with crypto-mining malware that hides its activity.
  • Roughly 800,000 such databases could be cryptojacked by this malware.

As a seasoned cybersecurity researcher with over two decades of experience, I find it alarming to watch the relentless tactics bad actors employ in their pursuit of control and profit. The recent disclosure of PG_MEM, a malware family that targets PostgreSQL databases, is yet another reminder of the ever-evolving threat landscape we face today.


A new malware family targets PostgreSQL databases with weak passwords and hijacks their compute resources for a cryptocurrency-mining operation. Approximately 800,000 exposed databases worldwide could be affected, around 300,000 of them in the United States and another 100,000 in Poland.

In a recent blog post, the cloud security company Aqua Security disclosed a new malware family it calls PG_MEM. It targets PostgreSQL databases and gets in by brute-forcing login credentials. Once inside, it delivers its payload, mines cryptocurrency, and takes steps to hide its activity.

In the attack Aqua observed, the attackers gained access to a PostgreSQL database by repeatedly guessing its password. Once inside, they installed two malicious files that hijacked the host's resources for crypto-mining under the attackers' control. The same files also locked other attackers out of the database, evaded security scans, and gave the operators full control over the database.
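The brute-force stage described above is also the first thing a defender can see. The following Python script is added here as an illustration; it is not code from the article or from Aqua Security. It runs simple detection logic over PostgreSQL server log lines: it counts failed password authentications per client address inside a sliding window, and raises a second alert when an address that tripped the threshold later gets a connection authorized, which is the pattern of a successful brute force. The log lines are constructed for the example, and the script assumes log_connections = on and a log_line_prefix of '%m [%p] %r %u@%d ' so that every line carries the client host; adjust LINE_RE for a different prefix.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Tuple

# Assumed server settings (not stated in the article): log_connections = on and
# log_line_prefix = '%m [%p] %r %u@%d ', so each line carries the client host(port).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) \S+ \[\d+\] "
    r"(?P<host>[^\s(]+)\((?P<port>\d+)\) (?P<user>[^@\s]+)@(?P<db>\S+) "
    r"(?P<level>[A-Z]+):\s+(?P<msg>.*)$"
)
FAIL_RE = re.compile(r'password authentication failed for user "(?P<user>[^"]+)"')
AUTH_OK_RE = re.compile(r"connection authorized: user=(?P<user>\S+) database=(?P<db>\S+)")

# Constructed log excerpt: 203.0.113.7 hammers the superuser account and then gets in;
# 198.51.100.2 is one mistyped password from a legitimate client.
SAMPLE_LOG = """\
2024-08-20 10:15:01.050 UTC [4121] 203.0.113.7(51522) [unknown]@[unknown] LOG:  connection received: host=203.0.113.7 port=51522
2024-08-20 10:15:01.100 UTC [4121] 203.0.113.7(51522) postgres@postgres FATAL:  password authentication failed for user "postgres"
2024-08-20 10:15:01.101 UTC [4121] 203.0.113.7(51522) postgres@postgres DETAIL:  Connection matched pg_hba.conf line 95: "host all all 0.0.0.0/0 md5"
2024-08-20 10:15:01.900 UTC [4123] 203.0.113.7(51523) postgres@postgres FATAL:  password authentication failed for user "postgres"
2024-08-20 10:15:02.000 UTC [4124] 198.51.100.2(40011) app@app FATAL:  password authentication failed for user "app"
2024-08-20 10:15:02.700 UTC [4125] 203.0.113.7(51524) postgres@postgres FATAL:  password authentication failed for user "postgres"
2024-08-20 10:15:03.500 UTC [4126] 203.0.113.7(51525) admin@postgres FATAL:  password authentication failed for user "admin"
2024-08-20 10:15:04.300 UTC [4127] 203.0.113.7(51526) postgres@postgres FATAL:  password authentication failed for user "postgres"
2024-08-20 10:15:05.100 UTC [4128] 203.0.113.7(51527) postgres@postgres FATAL:  password authentication failed for user "postgres"
2024-08-20 10:15:06.000 UTC [4129] 203.0.113.7(51528) postgres@postgres LOG:  connection authorized: user=postgres database=postgres
2024-08-20 10:15:30.000 UTC [4130] 198.51.100.2(40012) app@app LOG:  connection authorized: user=app database=app
""".splitlines()


def detect_bruteforce(lines, threshold: int = 5, window_s: int = 60) -> List[Tuple[str, str, str]]:
    """Return alerts as (host, kind, detail).

    kind == 'bruteforce' when a host reaches `threshold` failed password attempts
    inside a sliding window of `window_s` seconds (reported once per host);
    kind == 'bruteforce_success' when such a host later gets a connection authorized.
    """
    window = timedelta(seconds=window_s)
    fails: Dict[str, Deque[datetime]] = defaultdict(deque)
    flagged = set()
    alerts: List[Tuple[str, str, str]] = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # Unix-socket lines or a different prefix: nothing to attribute to a host
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        host, msg = m["host"], m["msg"]
        fail = FAIL_RE.search(msg)
        if fail:
            q = fails[host]
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()  # forget attempts that fell out of the window
            if len(q) >= threshold and host not in flagged:
                flagged.add(host)
                alerts.append((host, "bruteforce",
                               f"{len(q)} failed logins within {window_s}s, last user={fail['user']}"))
            continue
        ok = AUTH_OK_RE.search(msg)
        if ok and host in flagged:
            alerts.append((host, "bruteforce_success", f"authorized as {ok['user']} after brute force"))
    return alerts


if __name__ == "__main__":
    for host, kind, detail in detect_bruteforce(SAMPLE_LOG):
        print(f"{kind:20} {host:15} {detail}")
```

The DETAIL line that PostgreSQL logs after a failed authentication names the pg_hba.conf rule the client matched, which tells you directly which rule exposed the account. The same counting logic is what a fail2ban-style filter would apply before adding the address to a firewall drop list.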

Figure: Malware infects databases with weak passwords to install crypto-mining software (source: Aqua Security)

Taking over machines to mine cryptocurrency for someone else is called cryptojacking, and it is not limited to databases: personal devices are cryptojacked too. Notably, this campaign did not exploit a software flaw in PostgreSQL (often called Postgres); the attackers simply guessed the password. Postgres databases that are reachable from the internet and protected by weak passwords are therefore the ones on the chopping block.
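A weak password only matters once the database is reachable from the internet, and that exposure is configured in pg_hba.conf. As an added example that is not part of the article or of Aqua Security's research, the Python script below parses pg_hba.conf rules and flags the ones that let any address try passwords (or connect with no password at all), with a hardened configuration shown beside the risky one. Both configuration snippets are constructed for this example. The script assumes listen_addresses in postgresql.conf already exposes the server; if Postgres listens only on localhost, rules for remote hosts are moot.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed example of a risky pg_hba.conf (not taken from the article or from Aqua's post).
WEAK_HBA = """\
# any client on the internet may try passwords against every database
local   all   all                 peer
host    all   all   0.0.0.0/0     md5
host    all   all   ::/0          trust
"""

# Constructed hardened version: SCRAM over TLS from one subnet only, everything else rejected.
# pg_hba.conf is first-match, so the reject rules must come after the allow rule.
HARDENED_HBA = """\
local   all   all                     peer
hostssl app   app   10.20.0.0/16      scram-sha-256
host    all   all   0.0.0.0/0         reject
host    all   all   ::/0              reject
"""

PASSWORD_METHODS = {"password", "md5", "scram-sha-256"}


@dataclass
class HbaRule:
    lineno: int
    conn_type: str          # local, host, hostssl, hostnossl, hostgssenc, hostnogssenc
    database: str
    user: str
    address: Optional[str]  # None for local (Unix-socket) rules
    method: str


def _is_ip(token: str) -> bool:
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def parse_pg_hba(text: str) -> List[HbaRule]:
    """Parse the rule lines of a pg_hba.conf; comments and blanks are skipped, include directives ignored."""
    rules = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        f = line.split()
        if f[0] == "local":
            # local DATABASE USER METHOD [OPTIONS]
            if len(f) >= 4:
                rules.append(HbaRule(n, f[0], f[1], f[2], None, f[3]))
            continue
        # host* DATABASE USER ADDRESS [NETMASK] METHOD [OPTIONS]
        if len(f) < 5:
            continue
        addr, rest = f[3], f[4:]
        if "/" not in addr and len(rest) >= 2 and _is_ip(rest[0]):
            addr, rest = f"{addr}/{rest[0]}", rest[1:]  # "IP NETMASK" spelling -> address/mask
        rules.append(HbaRule(n, f[0], f[1], f[2], addr, rest[0]))
    return rules


def covers_internet(address: Optional[str]) -> bool:
    """True when the ADDRESS field matches every remote client."""
    if address is None:
        return False
    if address == "all":
        return True
    try:
        return ipaddress.ip_network(address, strict=False).prefixlen == 0
    except ValueError:
        return False  # hostname, samehost, samenet: scoped, not the whole internet


def audit_pg_hba(text: str) -> List[Tuple[int, str, str]]:
    """Return (line number, severity, reason) for each network rule that invites password guessing."""
    findings = []
    for r in parse_pg_hba(text):
        if r.conn_type == "local":
            continue  # Unix-socket rules are not reachable from the network
        if r.method == "trust":
            findings.append((r.lineno, "critical", f"trust from {r.address}: no authentication at all"))
        elif r.method in PASSWORD_METHODS and covers_internet(r.address):
            findings.append((r.lineno, "high", f"{r.method} from {r.address}: any host may guess passwords"))
        elif r.method in ("md5", "password"):
            findings.append((r.lineno, "medium", f"{r.method} is weaker than scram-sha-256"))
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_HBA), ("hardened", HARDENED_HBA)):
        print(name, audit_pg_hba(conf) or "no findings")
```

The hardened file narrows three things at once: the client network (one subnet instead of 0.0.0.0/0), the transport (hostssl, so credentials never cross the wire in the clear), and the method (scram-sha-256 instead of md5). The trailing reject rules are what make the policy explicit; because matching is first-match, they must sit below the allow rule.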

Postgres Hacks Are Not Uncommon

“The current campaign takes advantage of Postgres databases on the internet with weak passwords. Many organizations link their databases to the internet, and a weak password can stem from poor configuration or insufficient identity management. Unfortunately, this is not an uncommon issue, and several large organizations have experienced these types of problems according to Aqua Security’s blog.”

As a researcher who studies the cryptocurrency mining process, I have seen that controlling more compute gives a miner a larger share of mined blocks, which pushes some miners toward strategies that maximise their block rewards at others' expense. Regrettably, I have also watched this kind of attack and malware incident escalate throughout 2024; the first half of the year alone saw a 400% surge in such occurrences.

2024-08-24 13:17