MrbMiner Crypto-Mining Malware Links to Iranian Software Company (Security News, January 2021)
A relatively new crypto-mining malware that surfaced last year and infected thousands of Microsoft SQL Server databases has now been linked to a small software development company based in Iran.
First documented by Chinese tech giant Tencent last September, MrbMiner was found to target internet-facing MSSQL servers with the goal of installing a cryptominer, which hijacks the processing power of the systems to mine Monero and funnel the proceeds into accounts controlled by the attackers.
The name "MrbMiner" comes from one of the domains used by the group to host their malicious mining software.
"The difference here is that the attacker appears to have thrown caution to the wind when it comes to concealing their identity. Many of the records relating to the miner's configuration, its domains and IP addresses, signpost to a single point of origin: a small software company based in Iran."
MrbMiner sets about its task by carrying out brute-force attacks against the MSSQL server's admin account with various combinations of weak passwords.
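The password-guessing described above leaves a trail in SQL Server's ERRORLOG as repeated "Login failed for user" entries from one client address. The following is an added detection example, not code from the article or from any vendor named in it; the log excerpt is constructed, and the threshold and window are assumptions a defender would tune to their environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Regex for the "Login failed" line SQL Server writes to ERRORLOG on a failed login.
LOGIN_FAILED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']+)'\..*\[CLIENT: (?P<client>[^\]]+)\]"
)

def parse_failures(log_text):
    """Yield (timestamp, user, client_ip) for every failed-login line."""
    for line in log_text.splitlines():
        m = LOGIN_FAILED.match(line)
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["user"], m["client"]

def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Return {(client_ip, user): total_failures} for every source that reaches
    `threshold` failed logins against one account inside a sliding time window."""
    by_source = defaultdict(list)
    for ts, user, client in parse_failures(log_text):
        by_source[(client, user)].append(ts)
    alerts = {}
    window = timedelta(seconds=window_seconds)
    for key, times in by_source.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts[key] = len(times)
                break
    return alerts

# Constructed sample ERRORLOG excerpt: one client hammering 'sa', one stray typo by an admin.
SAMPLE_ERRORLOG = "\n".join(
    [f"2021-01-14 03:12:{s:02d}.10 Logon       Login failed for user 'sa'. "
     f"Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]"
     for s in range(0, 12, 2)]
    + ["2021-01-14 03:20:41.77 Logon       Login failed for user 'dbadmin'. "
       "Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.5]"]
)

if __name__ == "__main__":
    for (client, user), n in detect_bruteforce(SAMPLE_ERRORLOG).items():
        print(f"possible brute force: {n} failed logins as '{user}' from {client}")
```

Failed-login auditing must be enabled on the instance for these lines to appear at all; the single 'dbadmin' failure stays below the threshold and is correctly ignored.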
One of the domains in question, "Vihansoft[.]ir," was not only registered to the Iranian software development company but the compiled miner binary included in the payload left telltale signs that connected the malware to a now-shuttered GitHub account that was used to host it.