
Sophos Identifies Source Of “MrbMiner” Attacks Targeting Database Servers


Sophos has published a new report on MrbMiner, a recently discovered cryptojacking campaign that targets internet-facing database servers (SQL servers) and installs a cryptominer on the machines it compromises.

According to Sophos, the MrbMiner cryptominer appears to have originated from a small software development company based in Iran.

SophosLabs found that the attackers used multiple routes to install the malicious mining software on a targeted server, with the cryptominer payload and its configuration files packed into deliberately mis-named zip archives.

The domain name of an Iran-based software company was hardcoded into the miner's main configuration file. That domain is linked to many other zip files that also contain copies of the miner, and those archives were in turn downloaded from further domains, one of which is mrbftp.xyz.
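Mis-named archives are cheap to catch on a host: a file's leading magic bytes (or, for archives with junk prepended, its end-of-central-directory record) tell you it is a ZIP container regardless of what extension it carries. The following is an added example, not code from the Sophos report or from the attackers' tooling; the sample "photo.jpg", "update.zip", "notes.txt" and "real.png" files and the archive contents ("config.json", "svchost.exe", the pool address) are constructed in memory for illustration only.

```python
"""Flag files whose extension disguises a ZIP container and list what they carry.

Added example (not from the Sophos report). All file names and archive
contents below are constructed in memory for illustration.
"""
import io
import os
import zipfile

# Local-file-header, empty-archive and spanned-archive signatures.
ZIP_MAGICS = (b"PK\x03\x04", b"PK\x05\x06", b"PK\x07\x08")

# Extensions for which a ZIP container is expected, so not a disguise.
EXPECTED_ZIP_EXTS = {".zip", ".jar", ".war", ".apk", ".docx", ".xlsx", ".pptx"}


def is_zip(data: bytes) -> bool:
    """True if the bytes are a ZIP container.

    Checks the magic at offset 0 first, then falls back to zipfile's scan for
    the end-of-central-directory record, which also catches archives that
    have data prepended (e.g. a self-extracting stub).
    """
    if data[:4] in ZIP_MAGICS:
        return True
    return zipfile.is_zipfile(io.BytesIO(data))


def zip_entries(data: bytes) -> list:
    """Entry names inside the archive, or [] if it cannot be parsed."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return []


def classify(name: str, data: bytes) -> dict:
    """Describe one file: is it a ZIP, and does its extension hide that?"""
    ext = os.path.splitext(name)[1].lower()
    zipped = is_zip(data)
    disguised = zipped and ext not in EXPECTED_ZIP_EXTS
    return {
        "name": name,
        "extension": ext,
        "is_zip": zipped,
        "disguised": disguised,
        "entries": zip_entries(data) if zipped else [],
    }


def scan(files: dict) -> list:
    """Return classification records for every disguised archive in files."""
    return [r for r in (classify(n, d) for n, d in files.items()) if r["disguised"]]


def build_sample_archive() -> bytes:
    """Constructed sample: a miner-style config next to a dummy executable."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # Invented config; the pool address is a placeholder, not a real IOC.
        zf.writestr("config.json",
                    '{"pool": "pool.example.invalid:3333", "wallet": "PLACEHOLDER"}')
        zf.writestr("svchost.exe", b"MZ" + b"\x00" * 62)  # fake PE stub
    return buf.getvalue()


def sample_files() -> dict:
    """Constructed directory listing: one disguised archive among benign files."""
    archive = build_sample_archive()
    return {
        "photo.jpg": archive,            # ZIP hiding behind an image extension
        "update.zip": archive,           # same bytes, honest extension
        "notes.txt": b"plain text\n",    # not an archive
        "real.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    }


if __name__ == "__main__":
    for finding in scan(sample_files()):
        print(f"{finding['name']}: ZIP disguised as {finding['extension']}, "
              f"contains {finding['entries']}")
```

Run against a real directory by replacing `sample_files()` with a walk that reads each file's first few kilobytes; the end-of-central-directory fallback needs the tail of the file as well, so read whole files for anything under a size cap. A file with a ZIP extension but non-ZIP content is deliberately not flagged here; that is a different check.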

“In many ways, MrbMiner’s operations appear typical of most cryptominer attacks we’ve seen targeting internet-facing servers,” said Gabor Szappanos, threat research director, SophosLabs.

“The difference here is that the attacker appears to have thrown caution to the wind when it comes to concealing their identity. Many of the records relating to the miner’s configuration, its domains and IP addresses, signpost to a single point of origin: a small software company based in Iran.” Gabor added. 

In an age of multi-million-dollar ransomware attacks that bring organizations to their knees, Gabor says it can be easy to discount cryptojacking as a nuisance rather than a serious threat, but that would be a mistake.

“Cryptojacking is a silent and invisible threat that is easy to implement and very difficult to detect. Further, once a system has been compromised it presents an open door for other threats, such as ransomware. It is therefore important to stop cryptojacking in its tracks. Look out for signs such as a reduction in computer speed and performance, increased electricity use, devices overheating and increased demands on the CPU,” he says.

The report is available for download here.


Nixon Kanali

Tech journalist based in Nairobi. I write about tech, business and African startups. Founder and Editor For TechTrendsKE. Nixon is also the East African tech editor for Africa Business Communities. Send tips to nkanali@techtrendske.co.ke.
