Type
Campaign
Actors
JINX-0126
Pub. date
August 19, 2024
Initial access
Software misconfig, Password attack
Impact
Resource hijacking
Observed techniques
Password bruteforcing, Misconfigured PostgreSQL abuse
Observed tools
XMRig
Targeted technologies
PostgreSQL
References
https://www.aquasec.com/blog/pg_mem-a-malware-hidden-in-the-postgres-processes/
Status
Finalized
Last edited
Feb 27, 2025 2:35 PM
Researchers have discovered a new PostgreSQL malware called PG_MEM, which gains access to databases through brute-force attacks, hides its operations, and mines cryptocurrency. The attack involves creating a superuser role, delivering two malware payloads, and evading detection while eliminating competition. Attackers exploit weak passwords and PostgreSQL's command execution capabilities to gain persistence and run cryptominers.