1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Thousands of PostgreSQL servers are being hijacked to mine crypto

    From TechnologyDaily@1337:1/100 to All on Wednesday, April 02, 2025 16:15:09
    Thousands of PostgreSQL servers are being hijacked to mine crypto

    Date:
    Wed, 02 Apr 2025 15:03:00 +0000

    Description:
    Hackers are hunting for misconfigured servers and those with weak passwords.

    FULL STORY ======================================================================Research ers at Wiz spot a new cryptojacking campaign It has targeted more than 1,500 misconfigured PostgreSQL servers A variant of the infamous XMRig miner was deployed to try and steal crypto

    Hackers are targeting misconfigured and publicly exposed PostgreSQL servers with cryptocurrency miners, rendering them practically unusable as they rake up the electricity bill for the victims, researchers have warned.

    Wiz Threat Research experts said the new attack was actually a variant of an already observed, ongoing campaign, as the threat actors (which they call JINX-0126) are targeting PostgreSQL instances configured with weak and guessable login credentials. Once they find them and log in, they deploy the XMRig-C3 cryptominer .

    XMRig is a hugely popular cryptominer, since it mines the Monero cryptocurrency, which is generally a lot more difficult to trace, compared to Bitcoin, or other mineable currencies.

    Monitor your credit score with TransUnion starting at $29.95/month

    TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnions advanced risk assessment tools.

    Preferred partner ( What does this mean? ) View Deal Mining Monero

    A cryptocurrency miner uses up almost all of the devices compute power, rendering it useless for pretty much anything else. This also means increased electricity consumption, which results in an inflated bill at the end of the month.

    Cybercriminals, on the other hand, get Monero sent directly into their wallets, which they can sell on the open market for US dollars, or any other cryptocurrency. In many cases, the money gets spent on other malicious campaigns.

    Wiz says that the campaign was first documented by researchers from Aqua Security, but it has since evolved.

    The threat actors have allegedly implemented additional defense mechanisms
    and are deploying the miner filelessly in order to evade being spotted.

    The researchers found that the threat actor assigned a unique mining worker
    to each victim, making it relatively easy to determine how many devices were likely compromised. Based on their analysis, the campaign likely impacted
    more than 1,500 devices.

    This suggests that misconfigured PostgreSQL instances are highly common, providing a low hanging fruit entry point for opportunistic threat actors to exploit, they said.

    Furthermore, our data shows that nearly 90% of cloud environments self-host PostgreSQL instances, of which a third have at least one instance that is publicly exposed to the internet.

    Via The Hacker News You might also like One of the biggest data leaks ever has just been revealed - here's what to do if you've been hit We've rounded
    up the best password managers Take a look at our guide to the best authenticator app



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/thousands-of-postgresql-servers-are-bei ng-hijacked-to-mine-crypto


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)