Tencent Analysts: Nascent malware MrbMiner is infecting Microsoft SQL servers

A new piece of malware has been circulating on the web for the past few months and has infected several Microsoft SQL servers with cryptominers. Recent reports from Tencent technologies have named it ‘MrbMiner’.

The malware was named after one of the domains the group uses as a host. Reportedly, the botnet scans the web for MS-SQL servers and then makes repeated brute-force attempts to infiltrate them, trying various weak passwords.

After gaining access to a system, the attackers download the ‘assm.exe’ file, which installs a boot persistence mechanism and creates a backdoor to enable future access.

The infection process is completed by connecting to the command and control server and downloading a cryptominer application that mines Monero (XMR) using the compromised server's resources. Once the connection is complete, the mined XMR coins accrue in the hackers' crypto wallets.

Each crypto wallet for Monero holds approximately $630. While this is a small amount, hackers are known to use multiple wallets to collect mined funds.

Reports from Tencent’s analysts suggest that while the malware has only infected Microsoft servers to date, there are traces of code in the software that hint at future attacks on Linux and ARM servers, too.

Experts have found that MrbMiner hackers create backdoor accounts with the id “Default” and the password “@fg125kjnhn987”. An efficient way to discover an MrbMiner hack is to check for a computer profile with these credentials. If such a profile exists, a full system audit is warranted.
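
The check described above can be combined with a look for the brute-force stage. The following is an added example, not code from Tencent's report or from this article: the event tuples, account list and burst threshold are constructed assumptions, and it assumes the backdoor shows up as a Windows account (event 4720) while failed SQL logins are logged as event 18456.

```python
from collections import Counter

BACKDOOR_ACCOUNT = "default"  # account name reported in the article
BURST_THRESHOLD = 5           # assumed cut-off for a brute-force burst

# Constructed sample data, not real logs: (event_id, account, source_ip).
# 18456 is SQL Server's "Login failed"; 4720 is Windows' "A user account was created".
SAMPLE_EVENTS = (
    [(18456, "sa", "203.0.113.7")] * 6
    + [(18456, "app_user", "198.51.100.20")]
    + [(4720, "Default", "-"), (4720, "svc_backup", "-")]
)
# Constructed account listing; DefaultAccount is a built-in Windows account.
SAMPLE_ACCOUNTS = ["Administrator", "DefaultAccount", "Guest", "Default"]


def brute_force_sources(events, threshold=BURST_THRESHOLD):
    """Return source IPs with at least `threshold` failed SQL logins."""
    failures = Counter(ip for event_id, _, ip in events if event_id == 18456)
    return sorted(ip for ip, count in failures.items() if count >= threshold)


def is_backdoor_name(name):
    """Exact, case-insensitive match so 'DefaultAccount' is not flagged."""
    return name.strip().lower() == BACKDOOR_ACCOUNT


def audit(events, accounts):
    """Collect the indicators the article describes from logs and accounts."""
    return {
        "brute_force_sources": brute_force_sources(events),
        "accounts_created": [
            acct for event_id, acct, _ in events
            if event_id == 4720 and is_backdoor_name(acct)
        ],
        "accounts_present": [a for a in accounts if is_backdoor_name(a)],
    }


if __name__ == "__main__":
    print(audit(SAMPLE_EVENTS, SAMPLE_ACCOUNTS))
```

A hit on either account field is the trigger for the full system audit mentioned above; the brute-force list only shows which sources to investigate first.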
