A new malware gang has made a name for itself over the past few months by hacking into Microsoft SQL Servers (MSSQL) and installing a crypto-miner.
Thousands of MSSQL databases have been infected so far, according to the cybersecurity arm of Chinese tech giant Tencent.
In a report published earlier this month, Tencent Security named this new malware gang MrbMiner, after one of the domains the group uses to host its malware.
The Chinese company says the botnet has exclusively spread by scanning the internet for MSSQL servers and then performing brute-force attacks by repeatedly trying the admin account with various weak passwords.
Once the attackers gained a foothold on a system, they downloaded an initial assm.exe file, which they used to establish a (re)boot persistence mechanism and to add a backdoor account for future access. Tencent says this account uses the