Wednesday, September 16, 10:33
Home security MrbMiner malware: It has infected thousands of MSSQL databases

MrbMiner malware: It has infected thousands of MSSQL databases

Researchers security discovered a new malware (they named it MrbMiner) that aims MSSQL servers and installs cryptominer.

MrbMiner malware MSSQL servers
MrbMiner malware: It has infected thousands of MSSQL servers with cryptominer

A new distribution gang malware has been particularly active in recent months and has managed to breach thousands Microsoft SQL Servers (MSSQL) and install one cryptominer. According to researchers of the Chinese company Tencent, thousands of bases data MSSQL are infected with cryptominer.

Earlier this month, Tencent released a report in which he was talking about that malware gang. The researchers named them hackers MrbMiner, borrowing the name of the domains, used by criminals to host their malware.

According to the researchers, for the spread of the botnet, it was done scan to Internet for vulnerable MSSQL servers. Then it was done brute-force attacks in order to gain access to the administrator account.

After the initial login, the hackers downloaded one assm.exe file, which they used to create a “(re) boot persistence mechanism”And add one backdoor account for future access. According to the researchers, this account has the username "Default" and password "@ fg125kjnhn987."

The infection process is completed with connect to the command and control server and download a crypto-miner application stealing Monero (XMR), using illegal server resources and creating XMR currencies in accounts controlled by them hackers.

MrbMiner malware: It has infected thousands of MSSQL servers with cryptominer

The researchers found that malware could also target Linux and ARM

Tencent Security researchers say they have so far only seen MSSQL databases infected. However, they found that the MrbMiner C&C server contained malware versions designed to target Linux servers and ARM-based systems.

Analysis of the Linux version showed that there was a Monero wallet with cryptocurrencies. The address contained 3,38 XMR (~ $ 300). This means that MrbMiner gang has also targeted Linux systems and has stolen money, although investigators have not found even more information about them attacks.

As we read on ZDNet, the Monero wallet used for the MbrMiner version targeting MSSQL servers had 7 XMR (~ $ 630) stored. One could say that these amounts are very small. However, we do not know if they represent the total amount they have stolen hackers, as crypto-mining gangs use many different addresses (wallets).

At the moment, system administrators must scan their MSSQL databases to check if there is a backdoor account with credentials: Default / @ fg125kjnhn987. If they find such a thing, they should immediately check the whole network.


Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortress
Pursue Your Dreams & Live!


MrbMiner malware: It has infected thousands of MSSQL databases

Security researchers have discovered a new malware (called MrbMiner) that targets MSSQL servers and installs cryptominer.

Worrying increase in hands-on hacking campaigns by 2020

According to research by Crowdstrike, in the first months of 2020 there was a significant increase in sophisticated hands-on hacking attacks.

Newhall School District: Cancels classes due to ransomware attack

Another US school complex was attacked by ransomware a few days ago, affecting the lessons that ...

Missouri Hacking Attack Prevented!

A hacking attack aimed at infecting a Missouri county site with malware has been thwarted. Hackers developed a trojan malware, ...

Orange Tsai: How (again) I hacked Facebook!

The following article is about the personal experience of Orange Tsai, so he literally quotes his words about how he managed to ...

Adidas: New technology for high performance sneakers

Adidas seems to be ready to look into the eyes of its eternal rival Nike, in the race for the best big shoes ...

How to monitor CPU usage on your Mac Dock?

If you often use applications that consume a lot of your processor power, it is good to monitor the CPU usage of ...

Facebook: Employee accuses platform of political manipulation

Facebook ignored or was slow to act on evidence, as fake accounts on its platform undermine elections and politics ...

Pandemic: Hackers targeted construction companies

During the first six months of the year and as the COVID-19 pandemic brought huge changes in the daily life of the whole world, the ...

Facebook: The new Climate Change Information Center

As part of its efforts against climate change, Facebook has launched the Climate Change Information Center. Its purpose is ...