Cybersecurity researchers have unpacked a new malware strain dubbed PG_MEM that’s designed to mine cryptocurrency after brute-forcing their way into PostgreSQL database instances.
“Brute-force attacks on Postgres involve repeatedly attempting to guess the database credentials until access is gained, exploiting weak passwords,” Aqua security researcher Assaf Morag said in a technical report.
“Once accessed, attackers can leverage the COPY … FROM PROGRAM SQL command to execute arbitrary shell commands on the host, allowing them to perform malicious activities such as data theft or deploying malware.”
The attack chain observed by the cloud security firm entails targeting misconfigured PostgreSQL databases to create an administrator role in Postgres and exploiting a feature called PROGRAM to run shell commands.