Posted: September 16, 2020

MrbMiner Description

Cybercriminals continue to try and exploit different systems to plant their threatening software on them. One of the latest cybercrime gangs to participate in such a campaign is using a brand new piece of malware dubbed MrbMiner. So far, active copies of the threat have only been found on MSSQL servers whose security was probably compromised by the criminals. It is not clear what infection vector or attack technique they use, but it is very likely that they are scanning the Internet for unsecured MSSQL servers that use weak login credentials. It seems like these brute-force attacks are surprisingly efficient since many cryptocurrency mining gangs rely on them.

The MrbMiner Gang Compromises MSSQL Servers to Mine for Monero

If the MrbMiner gang manages to penetrate a server's security successfully, they will make sure to gain boot persistence by setting up a new backdoor account with full permissions. According to a cybersecurity report, the criminals are always using the same fake account – 'Default' with the password '@fg125khnhn987.' Once all of these things are taking care of, the hackers proceed to plant a Trojanized XMR (Monero) miner. The software will hog a lot of CPU resources to mine XMR coins that will be transferred to the attackers' wallets. During this time, the victims are likely to experience major performance issues since all of their server's resources will be hijacked by the MrbMiner.

So far, the MrbMiner has generated around 7 XMR ($630) for its creators, but the sum is likely to extend in the next few weeks. One way to make sure that the MrbMiner is not present on your MSSQL server is to check for the presence of the account mentioned above. Of course, the better option is to run an up-to-date anti-virus tool that will ensure the full removal of any threatening software.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to MrbMiner may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.