Over 800k servers at risk over new cryptojacking malware exploiting PostgreSQL
Researchers at Aqua Nautilus have uncovered a new malware that targets PostgreSQL servers to deploy cryptocurrency miners.
The cybersecurity firm has identified over 800,000 servers that are potentially vulnerable to a cryptojacking campaign targeting PostgreSQL, an open-source relational database management system used to store, manage, and retrieve data for various applications.
According to a research report shared with crypto.news, the so-called “PG_MEM” malware starts by attempting to gain access to PostgreSQL databases with a brute force attack and manages to infiltrate databases with weak passwords.
Once the malware infiltrates the database, it establishes a superuser role with administrative privileges, enabling it to take full control of the database and block access for other users. With this control, the malware executes shell commands on the host, facilitating the download and deployment of additional malicious payloads.
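A defender-side sketch of the sequence described above (repeated failed logins, then a successful login, then a new superuser role), added here as an example and not taken from the Aqua Nautilus report. It assumes `log_line_prefix = '%m [%p] %h '`, `log_connections = on` and `log_statement = 'ddl'`; the log lines, addresses, role names and the `find_takeovers` helper are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed settings: log_line_prefix = '%m [%p] %h ', log_connections = on, log_statement = 'ddl'.
LINE = re.compile(r"^(?P<ts>\S+ \S+ \S+) \[\d+\] (?P<host>\S+) [A-Z]+:\s+(?P<msg>.*)$")
FAILED = re.compile(r'password authentication failed for user "[^"]+"')
AUTHORIZED = re.compile(r"connection authorized: user=\S+")
# \bSUPERUSER\b does not match NOSUPERUSER, so privilege removals are ignored.
SUPERUSER_DDL = re.compile(r"statement:\s*((?:CREATE|ALTER)\s+(?:ROLE|USER)\b.*\bSUPERUSER\b.*)", re.I)

def find_takeovers(log_text, min_failures=5):
    """Flag hosts that fail many logins, then log in and grant SUPERUSER."""
    failures = defaultdict(int)  # host -> failed password attempts seen so far
    suspects = set()             # hosts authorized after >= min_failures failures
    alerts = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        host, msg = m["host"], m["msg"]
        ddl = SUPERUSER_DDL.search(msg)
        if FAILED.search(msg):
            failures[host] += 1
        elif AUTHORIZED.search(msg) and failures[host] >= min_failures:
            suspects.add(host)
        elif ddl and host in suspects:
            alerts.append({"host": host, "time": m["ts"],
                           "failed_logins": failures[host], "statement": ddl.group(1)})
    return alerts

# Constructed sample log (documentation IP ranges, made-up role names).
ATTACKER, ADMIN = "203.0.113.7", "198.51.100.20"
SAMPLE_LOG = "\n".join(
    [f'2024-08-20 10:00:{s:02d}.000 UTC [41{s:02d}] {ATTACKER} FATAL:  '
     f'password authentication failed for user "postgres"' for s in range(6)]
    + [
        f"2024-08-20 10:00:07.000 UTC [4107] {ATTACKER} LOG:  connection authorized: user=postgres database=postgres",
        f"2024-08-20 10:00:08.000 UTC [4107] {ATTACKER} LOG:  statement: CREATE ROLE example_role WITH LOGIN SUPERUSER PASSWORD 'x'",
        f'2024-08-20 10:05:00.000 UTC [4200] {ADMIN} FATAL:  password authentication failed for user "dba"',
        f"2024-08-20 10:05:04.000 UTC [4201] {ADMIN} LOG:  connection authorized: user=dba database=postgres",
        f"2024-08-20 10:05:09.000 UTC [4201] {ADMIN} LOG:  statement: CREATE ROLE backup_admin SUPERUSER",
    ]
)

if __name__ == "__main__":
    for alert in find_takeovers(SAMPLE_LOG):
        print(alert)
```

The administrator who mistypes a password once and then creates a superuser is not flagged; only the host that crosses the failure threshold before its superuser grant is reported.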
According to the report, the payloads contain two files designed to allow the malware to evade detection, set up the host for cryptocurrency mining, and deploy the XMRIG mining tool used to mine Monero (XMR).
XMRIG is often used by threat actors due to Monero’s hard-to-trace transactions. Last year, an educational platform was compromised in a cryptojacking campaign where attackers deployed a hidden that installed XMRIG on every visitor’s .
Malware hijacks PostgreSQL servers to deploy crypto miners
Analysts found that the malware removes existing cron jobs, which are scheduled tasks that run automatically at specified intervals on a server, and creates new ones to ensure that the crypto miner continues to run.
This allows the malware to continue its operations even if the server is restarted or if some processes are temporarily stopped. To remain unnoticed, the malware deletes specific files and logs that could be used to track or identify its activities on the server.
The researchers warned that while the campaign’s primary goal is to deploy the cryptocurrency miner, attackers also gain control of the affected server, highlighting its severity.
Cryptojacking campaigns targeting PostgreSQL databases have been a recurring threat over the years. In 2020, Palo Alto Networks’ Unit 42 researchers uncovered a similar cryptojacking campaign involving the PgMiner botnet. In 2018, the StickyDB botnet was discovered, which also infiltrated servers to mine Monero.