Fun

Malware exploits weak passwords in PostgreSQL for cryptojacking

News Feed - 2024-08-22 06:08:23

Derek Andersen2 hours agoMalware exploits weak passwords in PostgreSQL for cryptojackingUp to 800,000 internet-connected databases could be vulnerable to crypto-mining malware that will use their computing capacity.359 Total views1 Total sharesListen to article 0:00NewsOwn this piece of crypto historyCollect this article as NFTCOINTELEGRAPH IN YOUR SOCIAL FEEDFollow ourSubscribe onNew malware has been uncovered that targets databases to install cryptocurrency mining software. Dubbed PG_MEM, the malware could potentially hit any of the more than 800,000 PostgreSQL-managed databases if they have weak passwords.


According to cloud-native cybersecurity company Aqua, PG_MEM is installed after a brute force attack finds a weak password on a PostgreSQL-managed database. PostgreSQL is a popular object-relational database management system that is used by databases with internet connectivity. There are well over 800,000 such databases, with almost 300,000 located in the United States and over 100,000 in Poland.Malware sends spare compute to a mining pool


Once the threat actor has gained entry to a database, it creates a new user with login capability and high privileges. It downloads two files from the threat actor’s server and even manages to cover its tracks and block entry to other threat actors eager to exploit the database’s computing capacity. This could be happening often:“This campaign is exploiting internet facing Postgres databases with weak password. Many organizations connect their databases to the internet, weak password is a result of a misconfiguration, and lack of proper identity controls. This is not a rare issue and many large organizations suffer from these problems.”


The malware, once operational, connects to a mining pool and uses the host’s computing resources, combined with those of other miners, to increase the chances of mining a new block.PG_MEM attack flow. Source: Aqua Security


Related: Windows tool targeted by hackers deploys crypto-mining malwareA growing problem — or solution


The use of malware to mine cryptocurrency is known as cryptojacking. Cryptojacking malware can be installed on personal computers as well. It is becoming more frequent. Cointelegraph noted that crypto malware attacks rose by 400% year-on-year in the first half of 2023.Source: Aqua Security


Unused capacity can be harnessed by rightful hardware users for mining or other uses. Decentralized cloud infrastructure provider Aethir, for example, operates a GPU-as-a-service decentralized physical infrastructure network (DePIN) that sources compute from tier 3 and tier 4 data centers to provide inexpensive, scalable computing service to its clients.


Magazine: Weird ‘null address’ iVest hack, millions of PCs still vulnerable to ‘Sinkclose’ malware: Crypto-Sec# Bitcoin# Security# Hackers# CryptojackingAdd reaction

News Feed

Unizen hacker transfers $2.1M stolen funds to Tornado Cash
Josh O"Sullivan36 minutes agoUnizen hacker transfers $2.1M stolen funds to Tornado CashThe hacker’s use of Tornado Cash marks the first movement of the stolen Unizen funds since March, heightening security concerns.184
Darknet Users Leverage a New Blockchain Analytics Tool That Scans for Ties to Criminal Activity
Darknet Users Leverage a New Blockchain Analytics Tool That Scans for Ties to Criminal Activity According to the blockchain intelligence firm Elliptic, cybercrim
Amaka Nwaokocha1 hour agoCrypto lawyer says $20M settlement is 99.9% win for RippleDeaton strongly refuted the idea that the lawsuit’s result was an even 50/50 outcome for the SEC, claiming that it’s closer to a 90/1
Polymarket raises $70M from Vitalik Buterin, Founders Fund
Josh O"Sullivan9 hours agoPolymarket raises $70M from Vitalik Buterin, Founders FundAmid increasing U.S. regulatory scrutiny, popular crypto-based betting platform Polymarket has secured funding to expand its global oper
Financial Giant State Street Sees Unwaning Crypto Demand From Institutional Investors
Financial Giant State Street Sees Unwaning Crypto Demand From Institutional Investors Investment management firm State Street says that institutional clients are not deterred from
Coinbase Discloses It Will ‘Evaluate Any ETH Fork Tokens Following The Merge’
Coinbase Discloses It Will "Evaluate Any ETH Fork Tokens Following The Merge" The publicly listed firm Coinbase Global has revealed the company plans to evaluate any potential fork
Helen Partz13 hours agoRipple CTO slams Charles Hoskinson over SEC’s ETH ‘favoritism’The Ripple community and Cardano’s founder have clashed over the definition of corruption in the context of the ETHgate scandal
Bitcoin Forms Rounding Bottom – Expert Sees Push To $100K Next Week
Este artículo también está disponible en español. Bitcoin has been trading sideways in a tight consolidation range, staying below key supply levels while holding strong a
Analyst Who Correctly Predicted The Fantom Breakout Above $1 Reveals What’s Next In The Parabolic Trend
Este artículo también está disponible en español. A crypto analyst on TradingView, known as ‘Tradecitypro,’ has published a detailed Fantom (FTM) report, breaking dow
Bitcoin Price Enters Correction Phase On Its Path To Explode Above $110,000
Este artículo también está disponible en español. The Bitcoin price  is still in a correction phaseunder $100,000, as it is currently down by 1.93% in the past 24 hours.
Pi Network reaches 10M KYC'd users, but token is still not tradeable
Christopher Roark2 hours agoPi Network reaches 10M KYC"d users, but token is still not tradeableThe centralized app reached 10 million verified accounts while critics contend it doesn’t benefit users.1856 Total views2
Bitcoin Realized Price Moves Further Away From Market Value – Bearish Signal Or Not?
Este artículo también está disponible en español. Bitcoin declined by 1.83% in the past week pushing its market price to below $97,000. Despite this loss, market sentimen