Hackers installed malware on Microsoft SQL servers (opens in a new tab) in order to monetize the endpoint bandwidth.
Ahnlab’s results revealed a special type of malware called proxyware that turns a host device into a proxy server (opens in a new tab) a server that remote users can use for a variety of purposes, from testing to distributing content.
To encourage people to use proxy software, malware owners pay them a portion of the cost of the proceedings, and some researchers say they may earn as much as $ 6,000 a month renting excess bandwidth.
Attaching it to malware
Now hackers have had the brilliant idea of installing proxy software on Microsoft SQL servers and transferring their earnings to their accounts. Aside from a few hiccups and a general slowdown in Internet speeds, server owners shouldn’t feel much of a difference, researchers say.
Another reason why Microsoft SQL servers are an interesting target for cybercriminals is that endpoint IP addresses are not blacklisted.
In his report (opens in a new tab), Ahnlab mentioned two separate variants of proxy software, Peer2Profit and IProyal. Cyber criminals seem to proliferate them by combining them with other varieties of adware and malware. Once the victim installs proxy software, attackers will see it as a newly available proxy server that third parties can use for any reason, including criminal activity.
This campaign has been active since June 2022, researchers say, adding that proxy software is growing, largely due to its ability to remain undetected for relatively long periods of time, bringing operators serious money.
In addition to proxy software, MS-SQL users should also be wary of cryptocurrencies, another type of malware that may or may not slow down the target device, but will not damage it or make it unusable. Cryptominers mine cryptocurrencies for malware operators and given the nature of the mining, they can eat up a significant amount of computing power and can result in high electricity bills.
By: A hissing computer (opens in a new tab)