
PGMiner Botnet

Posted: December 11, 2020

Crypto-jacking campaigns are a very profitable scheme for cybercriminals, and the strategies used to execute them continue to evolve. Most attacks of this sort follow the same pattern, but cybercriminals are starting to experiment with various exploits and vulnerabilities to expand the reach of these attacks and plant as many cryptocurrency miners as possible. One of the latest projects of this sort is the PGMiner Botnet, and it targets a very specific set of devices: Linux servers running a vulnerable version of PostgreSQL, a database management system. Some older PostgreSQL versions are vulnerable to remote code execution, and these are the targets the PGMiner Botnet operators are going after.

The good news is that while the PGMiner Botnet may reach many systems, there are easy ways to prevent its attack. Naturally, the best way to secure your database server is to apply the latest updates and patches to all software; this way, you prevent the criminals from abusing old vulnerabilities like the one found in PostgreSQL. Furthermore, you can invest in a reputable anti-virus tool to keep your network safe.

If the PGMiner Botnet infiltrates a system successfully, it will execute several tasks to make its attack as smooth as possible:

  • It will delete the original binary post-execution to run in fileless mode.
  • It will look for other cryptocurrency miners and execute them.
  • It will collect basic system information and transfer it to a control server.
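The first behaviour in that list, deleting the binary after launch so the miner runs "fileless", leaves a well-known trace on Linux: the kernel appends " (deleted)" to the target of the process's `/proc/<pid>/exe` symlink once the executable file has been unlinked. The following script is an added example written for this page, not code from the page or from any analysis of PGMiner, and it shows how a defender can sweep a host for processes running from a deleted binary. The process records in `SAMPLE` (pids, paths and the pool address) are constructed for the demonstration and are not real indicators.

```python
"""Flag Linux processes whose on-disk binary has been unlinked, the
'fileless' execution style described above.  Added example for this
page; the sample data below is constructed, not captured from a host."""
import os
import re
from dataclasses import dataclass
from typing import List

# The kernel appends this suffix to the /proc/<pid>/exe link target once
# the executable has been removed while the process is still running.
DELETED_SUFFIX = re.compile(r" \(deleted\)$")


@dataclass
class ProcInfo:
    pid: int
    exe: str       # target of the /proc/<pid>/exe symlink ("" if unreadable)
    cmdline: str   # argv joined by spaces


def is_fileless(proc: ProcInfo) -> bool:
    """True if the process runs from a binary that no longer exists on disk."""
    return bool(DELETED_SUFFIX.search(proc.exe))


def find_fileless(procs: List[ProcInfo]) -> List[ProcInfo]:
    """Return every process in `procs` whose backing binary was deleted."""
    return [p for p in procs if is_fileless(p)]


def read_procfs() -> List[ProcInfo]:
    """Collect ProcInfo for every process on a live Linux host.

    Reading another user's /proc/<pid>/exe needs root; unreadable links
    are recorded as "" rather than aborting the sweep."""
    result = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        pid = int(entry)
        try:
            exe = os.readlink(f"/proc/{pid}/exe")
        except OSError:
            exe = ""
        try:
            with open(f"/proc/{pid}/cmdline", "rb") as fh:
                raw = fh.read()
            cmdline = raw.replace(b"\0", b" ").decode(errors="replace").strip()
        except OSError:
            cmdline = ""
        result.append(ProcInfo(pid, exe, cmdline))
    return result


# Constructed sample of a process table: a normal init, a PostgreSQL
# backend, and one process whose executable was removed after launch.
SAMPLE = [
    ProcInfo(1, "/usr/lib/systemd/systemd", "/sbin/init"),
    ProcInfo(842, "/usr/lib/postgresql/bin/postgres", "postgres: writer"),
    ProcInfo(4021, "/tmp/.x/miner (deleted)", "/tmp/.x/miner -o pool.example:3333"),
]


if __name__ == "__main__":
    # Sweep the live host when /proc is available, else demonstrate on SAMPLE.
    procs = read_procfs() if os.path.isdir("/proc") else SAMPLE
    for p in find_fileless(procs):
        print(f"pid {p.pid}: exe={p.exe!r} cmdline={p.cmdline!r}")
```

A hit from this sweep is not proof of a miner on its own: a legitimate binary that was upgraded by the package manager while still running shows the same " (deleted)" suffix until it is restarted. Treat the flag as a lead to be checked against the command line, the parent process and CPU usage, and run the sweep as root so that every process's `exe` link is readable.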

The PGMiner Botnet and the mining module it employs are compatible with various architectures: x86, x64, and ARM. Once the miner is running, it will use a pre-defined configuration file to start mining for Monero, a cryptocurrency also known as XMR. Mining consumes a large share of the compromised system's CPU resources, which degrades the performance of other software.

Applying the latest updates and patches, as well as investing in reputable anti-virus software, is the best way to mitigate the PGMiner Botnet attack.
