Hackers have been found installing malware on Microsoft SQL servers (opens in new tab) in order to monetize the endpoints’ bandwidth.
Findings from Ahnlab discovered a special type of malware, called proxyware, which turns the host device into a proxy (opens in new tab) server that remote users can use for different things, from testing, to content distribution.
To incentivize people to use proxyware, the malware owners pay them a portion of the proceedings, and according to the researchers, some can make as much as $6,000 a month for renting out excess bandwidth.
Bundling it with malware
Now, hackers have come up with an ingenious idea, to have proxyware installed on Microsoft SQL servers, and have the earnings funneled to their accounts. Besides for a few hiccups, and a general slowdown in internet speeds, the servers’ owners shouldn’t experience much of a difference, the researchers said.
Another reason why Microsoft SQL servers are an interesting target for cybercriminals is due to the fact that the endpoints’ IP addresses are not blacklisted.
In its report (opens in new tab), Ahnlab mentioned two separate proxyware variants, Peer2Profit, and IPRoyal. Cybercriminals seem to be distributing these by bundling them up with other adware and malware strains. Once the victim installs the proxyware, the attackers will see it as a newly available proxy, which third parties can use for whatever reason, including criminal activity.
This campaign has been active since June 2022, the researchers say, adding that proxyware is on the rise, mostly due to its ability to remain undetected for relatively long, earning serious cash for the operators.
Besides proxyware, MS-SQL users should also be wary of cryptominers, another type of malware that may, or may not, slow down the target device, but will not damage it or render it useless. Cryptominers mine cryptocurrencies for the malware operators, and given the nature of mining, might take up a significant portion of computing power and might rake in hefty electricity bills.
Via: BleepingComputer (opens in new tab)