Fun

Malware exploits weak passwords in PostgreSQL for cryptojacking

News Feed - 2024-08-22 06:08:23

Derek Andersen2 hours agoMalware exploits weak passwords in PostgreSQL for cryptojackingUp to 800,000 internet-connected databases could be vulnerable to crypto-mining malware that will use their computing capacity.359 Total views1 Total sharesListen to article 0:00NewsOwn this piece of crypto historyCollect this article as NFTCOINTELEGRAPH IN YOUR SOCIAL FEEDFollow ourSubscribe onNew malware has been uncovered that targets databases to install cryptocurrency mining software. Dubbed PG_MEM, the malware could potentially hit any of the more than 800,000 PostgreSQL-managed databases if they have weak passwords.


According to cloud-native cybersecurity company Aqua, PG_MEM is installed after a brute force attack finds a weak password on a PostgreSQL-managed database. PostgreSQL is a popular object-relational database management system that is used by databases with internet connectivity. There are well over 800,000 such databases, with almost 300,000 located in the United States and over 100,000 in Poland.Malware sends spare compute to a mining pool


Once the threat actor has gained entry to a database, it creates a new user with login capability and high privileges. It downloads two files from the threat actor’s server and even manages to cover its tracks and block entry to other threat actors eager to exploit the database’s computing capacity. This could be happening often:“This campaign is exploiting internet facing Postgres databases with weak password. Many organizations connect their databases to the internet, weak password is a result of a misconfiguration, and lack of proper identity controls. This is not a rare issue and many large organizations suffer from these problems.”


The malware, once operational, connects to a mining pool and uses the host’s computing resources, combined with those of other miners, to increase the chances of mining a new block.PG_MEM attack flow. Source: Aqua Security


Related: Windows tool targeted by hackers deploys crypto-mining malwareA growing problem — or solution


The use of malware to mine cryptocurrency is known as cryptojacking. Cryptojacking malware can be installed on personal computers as well. It is becoming more frequent. Cointelegraph noted that crypto malware attacks rose by 400% year-on-year in the first half of 2023.Source: Aqua Security


Unused capacity can be harnessed by rightful hardware users for mining or other uses. Decentralized cloud infrastructure provider Aethir, for example, operates a GPU-as-a-service decentralized physical infrastructure network (DePIN) that sources compute from tier 3 and tier 4 data centers to provide inexpensive, scalable computing service to its clients.


Magazine: Weird ‘null address’ iVest hack, millions of PCs still vulnerable to ‘Sinkclose’ malware: Crypto-Sec# Bitcoin# Security# Hackers# CryptojackingAdd reaction

News Feed

7 Ethereum Projects Are Getting $175,000 in Grants From ConsenSys
Venture studio ConsenSys is giving $175,000 to seven different open-source software projects on the ethereum network. Announced on Oct. 10, these projects include a forward-looking
Bitcoin, Ethereum Technical Analysis: BTC, ETH Move Lower on Black Friday
Bitcoin, Ethereum Technical Analysis: BTC, ETH Move Lower on Black Friday Bitcoin was marginally lower on Nov. 25, as markets returned to action following the U.S. Thanksgiving hol
Derek Andersen2 hours agoInternational financial group finds gaps in digital euro legislative packageThe Institute of International Finance looked at seven areas where digital euro legislation, which is being developed a
Miami Mayor: China’s Crypto Crackdown ‘Creates Incredible Opportunity for America’ in Bitcoin Mining
Miami Mayor: China’s Crypto Crackdown "Creates Incredible Opportunity for America" in Bitcoin Mining The mayor of Miami, Florida, sees China’s cryptocurrency crackdown as
Famous Malaysian Actor Fined for Stealing $50,000 Worth of Crypto From His Producer
Famous Malaysian Actor Fined for Stealing $50,000 Worth of Crypto From His ProducerA Malaysian court has fined famous local actor Mas Khan $4,000, or 26 months in jail, for stealing
Prashant Jha11 hours agoEU banking watchdog proposes liquidity rules for stablecoin issuersThe proposed guidelines are currently in the public consultation phase for the next three months and, if approved, will come into
Venezuelan Authorities Reconnect Affected Bitcoin Miners to Power Grid
Venezuelan Authorities Reconnect Affected Bitcoin Miners to Power Grid Venezuelan authorities have reconnected affected bitcoin miners to the power grid in Carab
Anonymous Affiliate Hacks State-Run Russian Broadcaster
Anonymous Affiliate Hacks State-Run Russian Broadcaster NB65, a hacking group affiliated with the Anonymous collective, has allegedly breached the servers of the Russian government
Nigerian Blockchain Startup Bitmama Closes $2 Million Pre-Seed Round
Nigerian Blockchain Startup Bitmama Closes $2 Million Pre-Seed Round After raising $1.65 million via a pre-seed extension, Bitmama, a Nigeria-based blockchain startup, has now clos
Ethereum ETF Inflows Hit 8-Week Streak—Institutions Still Buying
Reason to trust Strict editorial policy that focuses on accuracy, relevance, and impartiality Created by industry experts and meticulously reviewed The highest standards in reporting and pu
Tom Blackstone11 hours agoDecentralized asset management system launches for Arbitrum, OptimismValio has launched publicly, allowing investors to back money managers through a decentralized process.2946 Total views53 Tot
Onchain Data Suggests Bitcoin Sell-Off Fueled by New Investors
Onchain Data Suggests Bitcoin Sell-Off Fueled by New Investors While the covid-19 outbreak has caused economic calamity, cryptocurrencies have regained some of the losses that de