Cybercriminals continue to try to exploit different systems to plant their threatening software on them. One of the latest cybercrime gangs to run such a campaign is using a brand-new piece of malware dubbed MrbMiner. So far, active copies of the threat have only been found on MSSQL servers whose security was probably compromised by the criminals. It is not clear what infection vector or attack technique they use, but it is very likely that they are scanning the Internet for unsecured MSSQL servers that use weak login credentials. These brute-force attacks appear to be surprisingly effective, since many cryptocurrency mining gangs rely on them.
The MrbMiner Gang Compromises MSSQL Servers to Mine for Monero
If the MrbMiner gang manages to penetrate a server's security, they make sure to gain boot persistence by setting up a new backdoor account with full permissions. According to a cybersecurity report, the criminals always use the same fake account: 'Default' with the password '@fg125khnhn987'. Once all of this is taken care of, the hackers proceed to plant a Trojanized XMR (Monero) miner. The software hogs a lot of CPU resources to mine XMR coins, which are transferred to the attackers' wallets. During this time, the victims are likely to experience major performance issues, since all of their server's resources are hijacked by MrbMiner.
So far, MrbMiner has generated around 7 XMR ($630) for its creators, but the sum is likely to grow in the next few weeks. One way to make sure that MrbMiner is not present on your MSSQL server is to check for the presence of the account mentioned above. Of course, the better option is to run an up-to-date anti-virus tool that will ensure the full removal of any threatening software.
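The account check described above can be run as T-SQL on the server itself. This is an added example, not taken from the report: it assumes the 'Default' account was created as a SQL Server login (if it is a Windows account, review local users on the host as well) and that you run it as a sysadmin so that password hashes are visible.

```sql
-- Added example. Assumption: the backdoor account is a SQL Server login.
-- Run as a sysadmin; password_hash is NULL for callers without permission.

-- 1. Is there a login named 'Default', is it a sysadmin, and does it
--    carry the password given in the report?
SELECT sl.name,
       sl.is_disabled,
       sl.create_date,
       sl.modify_date,
       IS_SRVROLEMEMBER('sysadmin', sl.name)           AS is_sysadmin,
       PWDCOMPARE(N'@fg125khnhn987', sl.password_hash) AS has_reported_password
FROM sys.sql_logins AS sl
WHERE sl.name = N'Default';

-- 2. Logins that a credential-guessing scan would find first:
--    blank passwords and passwords equal to the login name.
SELECT sl.name,
       sl.is_disabled,
       sl.is_policy_checked,
       CASE WHEN PWDCOMPARE(N'', sl.password_hash) = 1      THEN 'blank password'
            WHEN PWDCOMPARE(sl.name, sl.password_hash) = 1 THEN 'password equals login name'
       END AS weakness
FROM sys.sql_logins AS sl
WHERE PWDCOMPARE(N'', sl.password_hash) = 1
   OR PWDCOMPARE(sl.name, sl.password_hash) = 1;

-- 3. Every member of the sysadmin role, newest first, for manual review
--    in case the account name differs from the reported one.
SELECT sp.name,
       sp.type_desc,
       sp.is_disabled,
       sp.create_date
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r  ON r.principal_id  = rm.role_principal_id
JOIN sys.server_principals   AS sp ON sp.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY sp.create_date DESC;
```

A row from the first query with is_sysadmin = 1 and has_reported_password = 1 matches the account described in the report; any row from the second query is a login that should be disabled or given a strong password regardless.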