Sophos identifies source of ‘MrbMiner’ attacks targeting database servers

MrbMiner is a recently discovered cryptominer that targets internet-facing database servers (SQL servers), downloading and installing mining software on them. Database servers are an attractive target for cryptojackers because they are built for resource-intensive workloads and therefore have powerful processing capability.

Sophos, a global player in next-generation cybersecurity, published a new report on MrbMiner, “MrbMiner: Cryptojacking to bypass international sanctions,” tracking its origin and management to a small software development company based in Iran. 

SophosLabs found that the attackers used multiple routes to install the malicious mining software on a targeted server, with the cryptominer payload and configuration files packed into deliberately mis-named zip archive files. 
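One defensive check that follows from the mis-named-archive detail above is to compare a file's bytes with its extension rather than trusting the name. The script below is an added example, not Sophos's or SophosLabs' code; it flags files that carry a ZIP signature but an extension that is not a known ZIP container, and the sample files it builds (names, contents) are constructed for the demonstration.

```python
import io
import tempfile
import zipfile
from pathlib import Path

# Extensions that legitimately wrap a ZIP container (Office, Java, Python wheels, ...);
# any other extension on ZIP-signed content is treated as a mis-named archive.
ZIP_CONTAINER_EXTS = {".zip", ".jar", ".war", ".apk", ".docx", ".xlsx", ".pptx",
                      ".odt", ".ods", ".odp", ".whl", ".xpi", ".ipa"}
# Local file header, empty-archive end-of-central-directory, and spanned-archive signatures.
ZIP_MAGICS = (b"PK\x03\x04", b"PK\x05\x06", b"PK\x07\x08")


def is_zip_content(path: Path) -> bool:
    """True if the first four bytes are one of the ZIP signatures (short files never match)."""
    with open(path, "rb") as fh:
        return fh.read(4) in ZIP_MAGICS


def find_misnamed_zips(root):
    """Return [(relative_path, member_names)] for ZIP-signed files whose extension is not a ZIP container."""
    root = Path(root)
    hits = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if path.suffix.lower() in ZIP_CONTAINER_EXTS or not is_zip_content(path):
            continue
        try:
            with zipfile.ZipFile(path) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            members = []  # signature present but archive unparsable: still worth a look
        hits.append((str(path.relative_to(root)), members))
    return hits


def build_sample_tree(root):
    """Constructed sample: one mis-named archive, one honestly named .zip, one text file."""
    root = Path(root)
    root.mkdir(parents=True, exist_ok=True)
    payload = io.BytesIO()
    with zipfile.ZipFile(payload, "w") as zf:  # constructed stand-in for a miner bundle
        zf.writestr("miner.exe", b"placeholder bytes, not a real binary")
        zf.writestr("config.json", b'{"pool": "PLACEHOLDER-POOL"}')
    (root / "Invoice-Scan.jpg").write_bytes(payload.getvalue())  # ZIP bytes, image extension
    (root / "backup.zip").write_bytes(payload.getvalue())        # same bytes, honest name
    (root / "notes.txt").write_bytes(b"plain text\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, members in find_misnamed_zips(build_sample_tree(tmp)):
            print(f"{rel}: ZIP content behind a non-archive extension, members={members}")
```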

The domain name of an Iran-based software company was hardcoded into the miner’s main configuration file. This domain is connected to many other zip files that also contain copies of the miner. Those zip files have in turn been downloaded from other domains, one of which is mrbftp.xyz.

“In many ways, MrbMiner’s operations appear typical of most cryptominer attacks we’ve seen targeting internet-facing servers,” said Gabor Szappanos, threat research director, SophosLabs. “The difference here is that the attacker appears to have thrown caution to the wind when it comes to concealing their identity. Many of the records relating to the miner’s configuration, its domains and IP addresses, signpost to a single point of origin: a small software company based in Iran.

“In an age of multi-million-dollar ransomware attacks that bring organizations to their knees, it can be easy to discount cryptojacking as a nuisance rather than a serious threat, but that would be a mistake. Cryptojacking is a silent and invisible threat that is easy to implement and very difficult to detect. Further, once a system has been compromised it presents an open door for other threats, such as ransomware. It is therefore important to stop cryptojacking in its tracks. Look out for signs such as a reduction in computer speed and performance, increased electricity use, devices overheating and increased demands on the CPU.”
