Disputed PostgreSQL bug exploited in cryptomining botnet
PGMiner cryptomining botnet remained unnoticed by exploiting a disputed CVE in PostgreSQL
Published: 11 Dec 2020 13:45
A newly discovered Linux-based cryptocurrency mining botnet exploited a disputed remote code execution (RCE) vulnerability in PostgreSQL – first disclosed in 2018 and initially assigned CVE-2019-9193 – in order to compromise database servers and co-opt them into the mining network, researchers at Palo Alto Networks’ Unit 42 team say.
Dubbed PGMiner by the research team of Xiao Zhang, Yang Ji, Jim Fitzgerald, Yue Chen and Claud Xiao, the botnet is thought to be the first cryptomining botnet delivered via PostgreSQL ever to be detected. The team said it was notable that malicious actors had started to weaponise not just confirmed CVEs, but disputed ones.