MrbMiner crypto-jacking campaign linked to Iranian software company

Sophos researchers have investigated the brute-force attacks on MSSQL servers with the intent to compromise them and install crypto-mining malware dubbed MrbMiner. After gaining the access to the system, hackers downloaded an initial assm.exe file to achieve persistence and to add a backdoor account for future access. Then the malicious code connects to the C2 to download Monero cryptocurrency miner that runs on a local server. Read more...