Thousands of Microsoft Servers Infected by Crypto-Mining Botnet Since 2018, Says Report

The attackers have apparently been targeting Microsoft SQL database servers to mine cryptocurrency for two years.

Apr 1, 2020 at 2:05 p.m. UTC
Updated Sep 14, 2021 at 8:24 a.m. UTC

A malicious botnet has been targeting Microsoft SQL database servers to mine cryptocurrency for two years, according to a new report.

Guardicore Labs said Wednesday that in the last several weeks alone, the hackers had managed to infect roughly 2,000 to 3,000 servers daily. As reported by Hacker News, the botnet has been dubbed "Vollgar" after the vollar cryptocurrency it mines alongside monero (XMR), and its "vulgar" way of operating.

The attack brute-forces passwords in order to access servers with poor security. Once in, it executes configuration changes allowing the hackers to run malicious commands and download malware binaries.

Entities across health care, aviation, IT, telecoms and education in China, India, South Korea, Turkey and the U.S. have all been affected, according to the report.

The network of compromised computers was used to host all of the attackers' infrastructure, with its primary command-and-control server based in China, according to Guardicore. That server had itself been compromised by multiple attackers, the firm added.

To help companies find out if their servers have been infected by this attack, Guardicore has released a script on GitHub.

In other security news, ZDNet reported earlier this week that QR codes – now ubiquitous across the bitcoin industry as a means of making bitcoin payments easier – have become another attack vector.

The shockingly simple attack saw malicious actors provide a purported service allowing people to create a QR code for payments to their bitcoin addresses. However, the address inserted was the attacker's own.

Harry Denley, director of security at MyCrypto, discovered the scheme hosted on nine websites. According to the report, some $45,000 in bitcoin (BTC) has been stolen in the last month.

For the record, it's advisable to avoid these sites at all costs: bitcoin-barcode-generator.com, bitcoinaddresstoqrcode.com, bitcoins-qr-code.com, btc-to-qr.com, create-bitcoin-qr-code.com, free-bitcoin-qr-codes.com, freebitcoinqrcodes.com, qr-code-bitcoin.com and qrcodebtc.com.

DISCLOSURE

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.
