
Malware used Microsoft servers to mine crypto

Cybersecurity researchers uncovered malware that had been exploiting Microsoft SQL servers to mine cryptocurrency for nearly two years.

Guardicore Labs, a cybersecurity company, said the malware, dubbed “Vollgar”, used password brute-forcing to breach Internet-exposed Microsoft SQL servers with weak credentials, reports Hacker News.

The malicious program was named after Vollar (VDS), the digital currency that it mines. The name also alludes to its offensive, even “vulgar”, mode of operation.

Cybersecurity experts reported that the hackers managed to infect nearly 2,000-3,000 database servers every day over the last few weeks. The victims most likely belong to the healthcare, aviation, IT and telecommunications, and higher education sectors. Targets of “Vollgar” are mainly located in China, India and South Korea, as well as in the United States and Turkey.

Attacks came from China

According to Hacker News, the hackers start the attack with brute-force login attempts against Microsoft SQL servers. If a login succeeds, the intruder can make configuration changes that let them run malicious server commands and download malware files.

Aside from that, the hackers create new privileged backdoor users in the MS-SQL database and the operating system. The malware then terminates a long list of processes in order to secure the maximum amount of system resources. It also aims to remove the presence of other threat “actors” from the infected machine.
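A defender can look for the brute-force stage described above in the SQL Server error log. The following Python sketch is an added example, not Guardicore's detection script or code from the original article; it assumes login auditing records both failed and successful logins, and the log lines, function name and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the SQL Server ERRORLOG layout (not real data).
SAMPLE_LOG = """\
2020-04-01 02:14:01.10 Logon       Error: 18456, Severity: 14, State: 8.
2020-04-01 02:14:01.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2020-04-01 02:14:02.31 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2020-04-01 02:14:03.52 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2020-04-01 02:14:04.73 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2020-04-01 02:14:05.94 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2020-04-01 02:14:06.15 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 203.0.113.7]
2020-04-01 09:00:10.02 Logon       Login failed for user 'app_reader'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.20]
2020-04-01 09:00:25.40 Logon       Login succeeded for user 'app_reader'. Connection made using SQL Server authentication. [CLIENT: 198.51.100.20]
"""

# Matches only the "Login failed/succeeded" messages; other lines are skipped.
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+Logon\s+"
    r"Login (?P<result>failed|succeeded) for user '(?P<user>[^']*)'"
    r".*\[CLIENT: (?P<client>[^\]]+)\]"
)

def find_bruteforce_success(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return (client, user, time) for each successful login preceded by at
    least `threshold` failures from the same client within `window`."""
    failures = defaultdict(deque)  # client address -> recent failure times
    alerts = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        recent = failures[m["client"]]
        while recent and ts - recent[0] > window:  # drop failures outside window
            recent.popleft()
        if m["result"] == "failed":
            recent.append(ts)
        elif len(recent) >= threshold:  # success right after a failure burst
            alerts.append((m["client"], m["user"], ts))
            recent.clear()
    return alerts

if __name__ == "__main__":
    for client, user, ts in find_bruteforce_success(SAMPLE_LOG):
        print(f"{ts} possible brute-forced login: user={user} client={client}")
```

A hit from this check is a reason to review the server for newly created privileged logins and changed configuration, the follow-on steps the article describes.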

Furthermore, the malware drops different RATs and cryptocurrency miners based on a Monero (XMR) rig. These rigs mine digital coins such as Monero and Vollar (VDS).

The cybersecurity experts disclosed that the entire infrastructure for these attacks was hosted on compromised machines, including the primary command-and-control server in China. Interestingly, the same Chinese server had already been attacked previously by various hackers.

Guardicore Labs has also released a script to help companies detect whether their MS-SQL servers have been compromised by “Vollgar”.
