Malware used Microsoft servers to mine crypto

The malware compromised Internet-exposed Microsoft SQL servers and used them to mine cryptocurrency for nearly two years.

Cybersecurity researchers have uncovered malware that had been breaking into Microsoft SQL servers and using them to mine cryptocurrency for nearly two years.

Cybersecurity company Guardicore Labs said the malware, dubbed “Vollgar”, used password brute-forcing to break into Internet-exposed Microsoft SQL servers that had weak credentials, Hacker News reports.

The malware was named after Vollar (VDS), the digital currency it mines. The name also alludes to its offensive and, as the researchers put it, “vulgar” mode of operation.

The researchers reported that the attackers had been infecting roughly 2,000-3,000 database servers every day over the last few weeks. Victims most likely include organizations in the healthcare, aviation, IT and telecommunications, and higher-education sectors. Vollgar's targets are mainly located in China, India and South Korea, as well as in the United States and Turkey.

Attacks came from China

According to Hacker News, the attackers begin with brute-force login attempts against Microsoft SQL servers. Once a login succeeds, they make configuration changes to the database that allow them to run commands on the server and download malware files.


The attackers also create new privileged backdoor users in both the MS-SQL database and the operating system. The malware then kills a long list of processes, both to secure the maximum amount of system resources for itself and to remove any other threat actors already present on the infected machine.
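The two steps just described, brute-forced logins followed by configuration changes that let the intruder run server commands, both leave traces in SQL Server's own ERRORLOG. The following Python script is an added example of checking a log for them; it is not Guardicore's detection script and is not part of the original article. It assumes that the indicator for the configuration step is the enabling of `xp_cmdshell` or `Ole Automation Procedures` (SQL Server logs these as a "Configuration option ... changed" message), and the log lines it runs on are constructed for the example.

```python
"""Spot the Vollgar-style chain (password brute force, then enabling OS
command execution) in SQL Server ERRORLOG text.
Added example; not Guardicore's script."""
import re
from collections import defaultdict

# SQL Server writes these audit lines to ERRORLOG: failed logins (event 18456)
# are logged by default; "Login succeeded" lines only appear when login
# auditing is set to "Both failed and successful logins". sp_configure
# changes are always logged.
FAILED_RE = re.compile(
    r"Login failed for user '(?P<user>[^']+)'.*\[CLIENT: (?P<ip>[^\]]+)\]")
SUCCESS_RE = re.compile(
    r"Login succeeded for user '(?P<user>[^']+)'.*\[CLIENT: (?P<ip>[^\]]+)\]")
CONFIG_RE = re.compile(
    r"Configuration option '(?P<opt>[^']+)' changed from (?P<old>\d+) to (?P<new>\d+)")

# Server options that let a SQL login run OS commands or fetch files once
# enabled. Assumed here as the indicator for the "configuration changes"
# the article describes.
DANGEROUS_OPTIONS = {"xp_cmdshell", "Ole Automation Procedures"}


def analyze_errorlog(text, threshold=5):
    """Return a list of (finding, detail, extra) tuples, in log order."""
    failures = defaultdict(int)  # client address -> failed-login count
    findings = []
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            ip = m.group("ip")
            failures[ip] += 1
            if failures[ip] == threshold:  # report each source once
                findings.append(("brute_force", ip, m.group("user")))
            continue
        m = SUCCESS_RE.search(line)
        if m:
            ip = m.group("ip")
            if failures[ip] >= threshold:  # success after a burst of failures
                findings.append(("brute_force_success", ip, m.group("user")))
            continue
        m = CONFIG_RE.search(line)
        if m and m.group("opt") in DANGEROUS_OPTIONS and m.group("new") != "0":
            findings.append(("dangerous_option_enabled", m.group("opt"), m.group("new")))
    return findings


def _failed(ts, user, ip):
    return (f"{ts} Logon       Login failed for user '{user}'. Reason: Password did "
            f"not match that for the login provided. [CLIENT: {ip}]")


# Constructed sample ERRORLOG (not a real capture): six 'sa' failures from one
# address, one unrelated typo by an admin, then a success from the attacker's
# address and the option changes needed to run xp_cmdshell.
SAMPLE_ERRORLOG = "\n".join(
    [_failed(f"2020-03-30 02:11:0{i}.00", "sa", "203.0.113.5") for i in range(6)]
    + [_failed("2020-03-30 02:12:10.00", "dba_jane", "198.51.100.7")]
    + [
        "2020-03-30 02:12:31.00 Logon       Login succeeded for user 'sa'. "
        "Connection made using SQL Server authentication. [CLIENT: 203.0.113.5]",
        "2020-03-30 02:12:32.00 spid55      Configuration option 'show advanced options' "
        "changed from 0 to 1. Run the RECONFIGURE statement to install.",
        "2020-03-30 02:12:32.00 spid55      Configuration option 'xp_cmdshell' "
        "changed from 0 to 1. Run the RECONFIGURE statement to install.",
    ]
)

if __name__ == "__main__":
    for finding in analyze_errorlog(SAMPLE_ERRORLOG):
        print(*finding)
```

On a default install only failed logins are audited, so the `brute_force_success` finding never fires and the `brute_force` one is the signal to act on; turning on auditing of successful logins is what makes the second finding possible. The `show advanced options` change is deliberately not flagged on its own, since it is a prerequisite for many legitimate settings; the option that actually grants command execution is the one worth alerting on.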

Finally, the malware drops several RATs (remote access tools) and cryptocurrency miners based on XMRig, which mine Monero (XMR) and Vollar (VDS).


The researchers disclosed that the attack's entire infrastructure was hosted on compromised machines, including the primary command-and-control server, which is located in China. Interestingly, that same Chinese server had itself already been attacked by various other hackers.

Guardicore Labs has also released a script to help companies detect whether their MS-SQL servers have been compromised by Vollgar.

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Author
Milko Trajcevski

Milko Trajcevski is a DailyCoin news reporter, mainly focused on Ethereum (ETH), Cardano (ADA), and their founders (Vitalik Buterin and Charles Hoskinson). Milko is an avid follower of crypto and blockchain technology and has written thousands of articles on the subjects. He finds joy in transforming complex issues into written content that anyone can understand. Milko has used and analyzed numerous exchanges, such as Coinbase, FTX, and Binance. He also closely follows all of the latest news around the largest decentralized exchanges (DEXs). Location: Skopje, Macedonia