New malware has been uncovered that targets databases to install cryptocurrency mining software. Dubbed PG_MEM, the malware could potentially hit any of the more than 800,000 PostgreSQL-managed databases if they have weak passwords.
According to cloud-native cybersecurity company Aqua, PG_MEM is installed after a brute force attack finds a weak password on a PostgreSQL-managed database. PostgreSQL is a popular object-relational database management system that is used by databases with internet connectivity. There are well over 800,000 such databases, with almost 300,000 located in the United States and over 100,000 in Poland.
Malware sends spare compute to a mining pool
Once the threat actor has gained entry to a database, it creates a new user with login capability and high privileges. It downloads two files from the threat actor’s server and even manages to cover its tracks and block entry to other threat actors eager to exploit the database’s computing capacity. This could be happening often:
“This campaign is exploiting internet facing Postgres databases with weak password. Many organizations connect their databases to the internet, weak password is a result of a misconfiguration, and lack of proper identity controls. This is not a rare issue and many large organizations suffer from these problems.”
The malware, once operational, connects to a mining pool and uses the host’s computing resources, combined with those of other miners, to increase the chances of mining a new block.
Related: Windows tool targeted by hackers deploys crypto-mining malware
A growing problem — or solution
The use of malware to mine cryptocurrency is known as cryptojacking. Cryptojacking malware can be installed on personal computers as well. It is becoming more frequent. Cointelegraph noted that crypto malware attacks rose by 400% year-on-year in the first half of 2023.
Unused capacity can be harnessed by rightful hardware users for mining or other uses. Decentralized cloud infrastructure provider Aethir, for example, operates a GPU-as-a-service decentralized physical infrastructure network (DePIN) that sources compute from tier 3 and tier 4 data centers to provide inexpensive, scalable computing service to its clients.
Magazine: Weird ‘null address’ iVest hack, millions of PCs still vulnerable to ‘Sinkclose’ malware: Crypto-Sec