Security News > 2022 > October > Hundreds of Microsoft SQL servers backdoored with new malware

Security researchers have found a new piece of malware targeting Microsoft SQL servers.
Named Maggie, the backdoor has already infected hundreds of machines all over the world.
Maggie is controlled through SQL queries that instruct it to run commands and interact with files.
Its capabilities extend to brute-forcing administrator logins to other Microsoft SQL servers and doubling as a bridge head into the server's network environment.
The malware offers simple TCP redirection functionality, which allows remote attackers to connect to any IP address the infected MS-SQL server can reach.
At this time some details remain unknown, like the post-infection use of Maggie, how the malware is planted in the servers in the first place, and who is behind these attacks.
News URL
Related news
- Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware (source)
- Microsoft admits GitHub hosted malware that infected almost a million devices (source)
- Microsoft: New RAT malware used for crypto theft, reconnaissance (source)
- Microsoft Trust Signing service abused to code-sign malware (source)
- Microsoft Trusted Signing service abused to code-sign malware (source)
- New Android malware uses Microsoft’s .NET MAUI to evade detection (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)
- Hijacked Microsoft web domain injects spam into SharePoint servers (source)
- Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)