Malware Botnets Hijacked Microsoft SQL Databases to Mine Cryptocurrency Causing Concern

Nicholas Otieno  Apr 02, 2020 15:25  UTC 07:25

2 Min Read

Guardicore, a cloud security and data center firm, has issued a report showing how a malware botnet, tracked as Vollgar botnet, has been hijacking Microsoft SQL Server (MS-SQL) databases around the world and forcing them to mine the cryptocurrencies Vollar and Monero.

Botnet dangers and potential damage

The crypto-mining botnet has been used to create brute-force attacks against Microsoft SQL databases to take over admin accounts and then install crypto mining scripts on the underlying operating system. Since May 2018, the botnet has been targeting Windows machines running MS-SQL servers to deploy multiple backdoors, breach victim machines, and execute malicious modules like cryptominers and multifunctional remote access tools (RATs). The Vollgar botnet successfully manages to infect about 2000-3000 new machines each day. The malware has been targeting victims in various industries, including telecommunications, IT, higher education, aviation, and healthcare sectors.

According to the report, most-infected countries are India, Turkey, China, the United States, and South Korea, with the most attacking machines located in China.

Upon successful launching brute force attack into MS-SQL servers, the botnet operators conduct a range of configuration changes to the databases to enable future command execution. The malware has been compromising machines, repurposing to scan and infect new victims. Of course, victims are prone to get reinfected with the malicious malware. This occurs because MS-SQL administrators are not aware of how to remove all of the malware’s modules properly, thus leaving the door for the malware to reinstall itself.

Guardicore Lab has published a GitHub repository with scripts to help victimized MS-SQL administrators to detect backdoor accounts and files created by the malware on infected machines. 

Concern for cryptojacking and blockchain security issues

A McAfee report in August 2019 indicated that cryptojacking is a critical area of concern. The growth of crypto prices influences the rising cases of scammers scrambling for other people’s computing power. Crypto-mining malware infects about 3000 systems per day and responsible for stealing private account information cached in the users’ computers. Crypto users are the most vulnerable to malware attacks.


Image via Shutterstock

Read More