- Wiz researchers spot a new cryptojacking campaign
- It has targeted more than 1,500 poorly configured PostgreSQL servers
- A variant of the infamous XMRig miner was deployed to try to steal crypto
Hackers are targeting poorly configured and publicly exposed PostgreSQL servers with cryptocurrency miners, rendering the servers virtually unusable while racking up the electricity bill for the victims, researchers warned.
Wiz's threat research experts said the new attack was actually a variant of a previously observed, ongoing campaign, in which the threat actors (which they call JINX-0126) target PostgreSQL instances configured with weak and guessable login credentials. Once they find them and log in, they deploy the XMRig-C3 cryptominer.
XMRig is an enormously popular cryptominer, since it mines the Monero cryptocurrency, which is generally much more difficult to trace than Bitcoin or other mineable coins.
Monero mining
A cryptocurrency miner uses almost the entire computing power of the device, which makes it useless for almost anything else. This also means an increase in electricity consumption, resulting in an inflated bill at the end of the month.
Cybercriminals, on the other hand, have the Monero sent directly to their wallets, which they can then sell on the open market for US dollars or any other cryptocurrency. In many cases, the money is spent on other malicious campaigns.
Wiz says that the campaign was first documented by Aqua Security researchers, but since then it has evolved.
The threat actors have reportedly implemented additional defense mechanisms and are deploying the miner filelessly to evade detection.
The researchers found that the threat actor assigned a unique mining worker to each victim, which makes it relatively easy to determine how many devices are likely compromised. According to their analysis, the campaign probably affected more than 1,500 devices.
“This suggests that poorly configured PostgreSQL instances are very common, providing a low-hanging-fruit entry point for opportunistic threat actors to exploit,” they said.
“In addition, our data shows that almost 90% of cloud environments self-host PostgreSQL instances, of which a third have at least one instance that is publicly exposed to the Internet.”
Via The Hacker News
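The misconfiguration described above (PostgreSQL reachable from the Internet and protected only by a guessable password) can be checked for in a server's pg_hba.conf. The following is an added example, not code from Wiz or from the original article: the function names and the sample file are constructed for illustration, and it assumes addresses are written in CIDR form or as the keyword `all`.

```python
import ipaddress

# Constructed sample pg_hba.conf, not taken from any real server.
SAMPLE_PG_HBA = """\
# TYPE   DATABASE  USER      ADDRESS        METHOD
local    all       postgres                 peer
host     all       all       127.0.0.1/32   scram-sha-256
host     all       all       0.0.0.0/0      md5
host     all       all       ::/0           trust
hostssl  app       app_user  10.0.0.0/8     scram-sha-256
host     all       all       all            password
hostssl  all       all       0.0.0.0/0      scram-sha-256
"""

# Authentication methods that are skipped entirely or depend only on a password.
RISKY_METHODS = {
    "trust": "no password required at all",
    "password": "password sent in clear text",
    "md5": "legacy MD5 password hashing",
    "scram-sha-256": "password guessing possible from any address",
}

def is_world_open(address):
    """True when a pg_hba ADDRESS field matches every client address."""
    if address == "all":
        return True
    try:
        return ipaddress.ip_network(address, strict=False).prefixlen == 0
    except ValueError:
        return False  # hostnames, samehost, samenet: not world-open by themselves

def audit_pg_hba(text):
    """Return (line number, address, method, reason) for each risky remote rule."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue  # blank lines, comments and local-socket entries
        address, method = fields[3], fields[4]
        if is_world_open(address) and method in RISKY_METHODS:
            findings.append((lineno, address, method, RISKY_METHODS[method]))
    return findings

if __name__ == "__main__":
    for lineno, address, method, reason in audit_pg_hba(SAMPLE_PG_HBA):
        print(f"line {lineno}: {address} via {method}: {reason}")
```

Rules restricted to loopback or a private range are not reported; a world-open rule is reported even with `scram-sha-256`, since a guessable password is exactly what the campaign relies on.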