Hackers are abusing a disputed vulnerability to launch attacks on Linux machines

Lock
(Image credit: Shutterstock)

Security researchers from Palo Alto Networks have discovered a new botnet that targets misconfigured PostgreSQL databases running on Linux servers to install a cryptocurrency miner.

Named PgMiner by the researchers, the bot performs brute-force attacks against PostgreSQL databases, and exploits its disputed remote code execution (RCE) ability to mine the Monero cryptocurrency.

PostgreSQL is one of the most popular open-source relational database management systems (RDBMS). Although it was first released over two decades ago, the database is still ranked as the fourth most popular database by DB-Engines as of December 2020.

Exploits human error

“We believe PGMiner is the first cryptocurrency mining botnet that is delivered via PostgreSQL,” note the Palo Alto Networks Unit42 researchers.

The researchers explain that PGMiner hunts for PostgreSQL installations whose administrators have forgotten to disable the default ‘postgres’ administrator user account. It then brute-forces its way to the account’s password, before exploiting PostgreSQL’s controversial copy from program feature to start mining.

The copy from program feature was introduced in PostgreSQL v9.3 back in 2013 and allows local and remote superusers to run shell scripts directly on the server.

depiction of the working of the PGMiner bot

(Image credit: Palo Alto Networks)

Security researchers dubbed this feature a vulnerability since it could be used to launch attacks from compromised databases. However, the PostgreSQL community disputed calling it a vulnerability since it could only be exploited on misconfigured installations.

PGMiner has proved them both right.

While the Unit42 researchers only found evidence of PGMiner targeting Linux servers, they argue the malware could theoretically be made to attack other platforms since PostgreSQL runs on Windows and macOS as well.

Via: Palo Alto Networks

TOPICS
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Latest in Security
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Code Skull
Interpol operation arrests 300 suspects linked to African cybercrime rings
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple routers hit by new critical severity remote command injection vulnerability, with no fix in sight
Code Skull
This dangerous new ransomware is hitting Windows, ARM, ESXi systems
An abstract image of a lock against a digital background, denoting cybersecurity.
Critical security flaw in Next.js could spell big trouble for JavaScript users
Latest in News
DeepSeek
Deepseek’s new AI is smarter, faster, cheaper, and a real rival to OpenAI's models
Open AI
OpenAI unveiled image generation for 4o – here's everything you need to know about the ChatGPT upgrade
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
An aerial view of an Instavolt Superhub for charging electric vehicles
Forget gas stations – EV charging Superhubs are using solar power to solve the most annoying thing about electric motoring