Type: Campaign
Actors:
Pub. date: August 19, 2024
Initial access: Software misconfig, Password attack
Impact: Resource hijacking
Observed techniques:
Observed tools:
Targeted technologies:
Status: Finalized
Last edited: Aug 25, 2024 12:27 PM
Researchers have discovered new malware targeting PostgreSQL, called PG_MEM, which gains access to databases through brute-force password attacks, hides its operations, and mines cryptocurrency. The attack involves creating a superuser role, delivering two malware payloads, and evading detection while eliminating competition. Attackers exploit weak passwords and PostgreSQL's command execution capabilities to gain persistence and run cryptominers.