Microsoft servers are hacked to power proxies

Hackers have installed malware on Microsoft SQL servers to monetize the endpoints' bandwidth.

Ahnlab's findings describe a special type of malware, called proxyware, that turns the host device into a proxy server that remote users can use for a variety of things, from testing to distributing content.

To trick people into using proxyware, its owners pay them part of the proceeds, with researchers saying some can earn up to €6,000 a month by renting out excess bandwidth.

Bundling it with malware

Now hackers have come up with an ingenious idea: install proxy software on Microsoft SQL servers and have the profits routed to their own accounts. Other than a few hiccups and a general slowdown in internet speeds, server owners shouldn't experience much of a difference, the researchers said.

Another reason Microsoft SQL servers are an attractive target for cybercriminals is that the IP addresses of the endpoints are not blacklisted.

In their report, Ahnlab mentioned two separate variants of proxy software, Peer2Profit and IPRoyal. Cybercriminals seem to distribute them by bundling them with other varieties of adware and malware. Once the proxy software is installed by the victim, the attackers will see it as a newly available proxy, which third parties can use for any reason, including criminal activity.

This campaign has been active since June 2022, the researchers say, adding that proxy software is on the rise, mainly due to its ability to remain undetected for a relatively long time, making money for operators.

In addition to proxy software, MS-SQL users should also beware of cryptominers, another type of malware that may or may not slow down the target device, but will not harm it or render it useless. Cryptominers mine cryptocurrency for malware operators, and given the nature of mining, they can consume a lot of computing power and lead to high electricity bills.

Via: BleepingComputer