Up to 800,000 internet-connected databases could be vulnerable to crypto-mining malware that will use their computing capacity.
New malware has been uncovered that targets databases to install cryptocurrency mining software. Dubbed PG_MEM, the malware could potentially hit any of the more than 800,000 PostgreSQL-managed databases if they have weak passwords.
According to cloud-native cybersecurity company Aqua, PG_MEM is installed after a brute force attack finds a weak password on a PostgreSQL-managed database. PostgreSQL is a popular object-relational database management system that is used by databases with internet connectivity. There are well over 800,000 such databases, with almost 300,000 located in the United States and over 100,000 in Poland.
Once the threat actor has gained entry to a database, it creates a new user with login capability and high privileges. It downloads two files from the threat actor’s server and even manages to cover its tracks and block entry to other threat actors eager to exploit the database’s computing capacity. This could be happening often: