The new attack method lets hackers get into Linux, macOS, and Windows computers.
PostgreSQL servers also have a vulnerability that prevents the malware from being detected.
A new form of cryptojacking, a practice also known as covert mining, is plaguing the web to enrich hackers with Monero. It is a cryptocurrency mining bot detected by the Palo Alto Networks cybersecurity unit, which says that it affects PostgreSQL servers and goes unnoticed by some antivirus products.
The malware is injected into computers remotely: the hackers have managed to exploit a function that allows them to install files to mine Monero without being detected.
PostgreSQL is an object-oriented relational data management system, which is commonly used in proactive data management systems (PDMS), for file storage, web page management, and even geo-location networks.
Because it is open source and free, PostgreSQL has become the fourth most popular data management system on the market. It can also run on different operating systems, such as Linux, macOS and Windows. This gives the attackers a wide margin of operation, and the attack could spread quickly if security measures are not taken.
The researchers named the malware “PGMiner” and, according to their description, the attackers managed to exploit a remote code execution (RCE) vulnerability in PostgreSQL. Hackers first make contact with the servers, always connecting from the Tor network to avoid being traced. Once they reach a server, they use brute force to crack the PostgreSQL authentication password, which grants them access to all server functions.
Once inside the system, hackers can make use of a function called “COPY FROM PROGRAM”, which allows them to download and run all their mining files without leaving a trace on the computer. This feature has been controversial in the past, as it allows a local or remote user to run a shell script on the operating system.
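Both stages described above, repeated password failures and a later COPY ... PROGRAM statement, leave entries in the PostgreSQL server log that a defender can search for. The Python below is an added example, not code from Palo Alto Networks or the original article; it assumes log_line_prefix = '%m [%p] %h ' and log_statement set to 'mod' or 'all', and its log lines, addresses and table names are constructed.

```python
import re
from collections import Counter

# Assumed server settings (not from the article): log_line_prefix = '%m [%p] %h '
# and log_statement = 'mod' or 'all', so COPY statements reach the log.
LINE = re.compile(r'^(?P<ts>\S+ \S+ \S+) \[(?P<pid>\d+)\] (?P<host>\S+) '
                  r'(?P<sev>[A-Z]+):\s+(?P<msg>.*)$')
AUTH_FAIL = re.compile(r'password authentication failed for user "[^"]+"')
# COPY ... TO PROGRAM runs a shell command just like FROM PROGRAM, so flag both.
COPY_PROGRAM = re.compile(r'\bCOPY\b.*\b(?:FROM|TO)\s+PROGRAM\b', re.I)

def scan(lines, fail_threshold=5):
    """Return (finding, client_host, timestamp) tuples in log order."""
    failures = Counter()
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # continuation line or a different prefix format
        host, msg = m["host"], m["msg"]
        if m["sev"] == "FATAL" and AUTH_FAIL.search(msg):
            failures[host] += 1
            if failures[host] == fail_threshold:  # report once per host
                findings.append(("brute_force", host, m["ts"]))
        elif msg.startswith("statement:") and COPY_PROGRAM.search(msg):
            # Escalate when the same client failed many logins beforehand.
            kind = ("copy_program_after_failures"
                    if failures[host] >= fail_threshold else "copy_program")
            findings.append((kind, host, m["ts"]))
    return findings

# Constructed sample log (documentation addresses, made-up table names).
SAMPLE_LOG = [
    f'2020-12-10 03:14:0{i}.000 UTC [41{i}0] 203.0.113.7 FATAL:  '
    'password authentication failed for user "postgres"' for i in range(5)
] + [
    "2020-12-10 03:14:09.000 UTC [4107] 203.0.113.7 LOG:  "
    "statement: COPY tmp_tbl FROM PROGRAM 'echo constructed-sample';",
    "2020-12-10 03:15:00.000 UTC [4200] 10.0.0.5 LOG:  "
    "statement: COPY sales FROM '/var/lib/import/sales.csv';",
    "2020-12-10 03:16:00.000 UTC [4201] 10.0.0.5 LOG:  "
    "statement: copy t to program 'gzip > /tmp/t.gz';",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The plain file import from 10.0.0.5 is not flagged; only statements that hand a command to the operating system are.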
An already known bug, but now used to mine Monero
The bug was discussed last year because it was considered a risk to user security, but shortly afterwards it was dismissed since it does not always endanger the system. Faced with this new form of cryptojacking attack, Palo Alto Networks recommends that PostgreSQL developers take action and update this option.
The researchers claim that this new mining bot is the first of its kind to be delivered via PostgreSQL. They also highlighted that few security systems detect it, among them WildFire, FireWall and Threat Prevention.
Although cybersecurity experts managed to find the mining pool that was using this malware, they were unable to access information on how much profit these individuals have generated with this new covert mining method.
What is known is that cryptojacking techniques are becoming increasingly sophisticated and difficult to detect; cases abound of malware that can hijack transactions while mining Monero, or of extortion of victims, as CriptoNoticias has reported in the past.
Hackers can mine Monero on your computer through PostgreSQL servers