MrbMiner crypto-jacking campaign linked to Iranian software company

Sophos researchers have investigated brute-force attacks on MSSQL servers that aim to compromise the servers and install crypto-mining malware dubbed MrbMiner.

After gaining access to the system, the hackers downloaded an initial file, assm.exe, to achieve persistence and to add a backdoor account for future access.

The malicious code then connects to the C2 to download a Monero cryptocurrency miner that runs on a local server.

